Advances in Social Sciences Research Journal – Vol. 11, No. 7
Publication Date: July 25, 2024
DOI:10.14738/assrj.117.17308.
Ahmed, A. A. A., & Abas, H. (2024). Factors Influencing Information Security Policy Compliance Behavior in High Education
Institutions: Systematic Literature Review. Advances in Social Sciences Research Journal, 11(7). 260-273.
Services for Science and Education – United Kingdom
Factors Influencing Information Security Policy Compliance
Behavior in High Education Institutions: Systematic Literature
Review
Aisha Aissa Ali Ahmed
Doctor of Philosophy, Faculty of Artificial Intelligence,
Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
Hafiza Abas
Advanced Informatics Department,
Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
ABSTRACT
Information security policies and behaviors play a crucial role in organizations,
particularly in higher education institutions. These policies outline guidelines and
best practices to protect sensitive data, safeguard privacy, and prevent
unauthorized access or misuse of information. In higher education institutions, they
help secure research findings, intellectual property, and student records. By
fostering a culture of security awareness and encouraging responsible behavior,
organizations can safeguard their reputation, instill trust, and meet legal and
regulatory requirements. This literature review has revealed challenges and
highlighted the current trends of information security policy compliance, as well as
the theories used for information security compliance from 2013 to 2023. Out of 50
research papers published on the topic of information security policy compliance,
three influencing factors were identified through filtration: behavioral intention,
awareness and culture, and human with organizational management. The findings
show that there is a lack of information security policies in the higher education
sector. This review contributes to the information security literature by providing
a fully organized systematic review of conducted research in the last decade.
Keywords: Information and Communication technology, Information System Security,
Security models, IT Compliance, Information security
INTRODUCTION
In addition to the challenges posed by globalization and advanced technology, higher education
institutions also face unique information security concerns due to the nature of their
operations. These institutions typically store and manage large volumes of sensitive
information, including student records, research findings, financial data, and intellectual
property. Protecting this information is essential to maintain the privacy and integrity of these
institutions and to ensure the trust of their stakeholders. The educational process heavily relies
on sensitive, interactive, and collaborative information. Students and faculty utilize databases
and digital resources to access and share educational materials, engage in research activities,
and communicate with one another. Additionally, administrative staff often rely on digital
systems to manage various aspects of operations, such as admissions, enrolment, and financial
transactions. The interconnectedness of these systems makes them vulnerable to cyber threats
such as data breaches, malware attacks, and unauthorized access. Higher education institutions
contain sensitive data, which puts them at higher risk [1]. Experts in computer security
have agreed that universities are among the least secured environments in terms of information security
[2]. Information security means protecting information and information systems from
unauthorized access, use, disruption, or destruction [3] or defending information from
unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or
destruction [4]. While information security can play a vital role in protecting information systems,
information security experts believe that higher education institutions are the least secured and
only a few universities have developed comprehensive information security policies in line
with thorough information security awareness programs [5, 6]. One of the primary concerns
in information security policy is data confidentiality. Educational institutions handle vast
amounts of personal and sensitive information, including personally identifiable information
(PII) of students, faculty, and staff. This data must be protected from unauthorized access or
disclosure to prevent identity theft or other forms of harm. Encryption techniques, access
controls, and secure authentication methods are employed to safeguard this information and
ensure that only authorized individuals can access it [6-8].
Integrity is another critical aspect of information security in higher education institutions. The
integrity of data refers to its accuracy, completeness, and reliability. It is crucial to ensure that
research findings, academic records, financial data, and other information are not tampered
with or modified without proper authorization. Systematic backup procedures, version control
mechanisms, and data validation techniques are implemented to maintain data integrity and
prevent unauthorized modifications. Methods such as hash functions, digital signatures and
blockchain technology have been used in various applications and cryptographic protocols to ensure the
integrity of the data [9-12]. Availability of information is equally important in the context of
higher education. Students, faculty, and administrative staff rely on access to digital resources
and databases to carry out their academic and administrative activities effectively. Any
disruption to these systems, whether caused by malicious attacks or technical failures, can
significantly impact the institution's operations and hinder the educational process. To mitigate
this risk, institutions implement robust backup and disaster recovery measures, redundant
systems, and continuous monitoring to ensure the availability of information.
Information security policies and procedures play a vital role in maintaining the confidentiality,
integrity, and availability of sensitive data within higher education institutions. These policies
provide guidelines for managing and protecting information assets, define roles and
responsibilities, and outline acceptable use of technology resources. In this instance, Antokhina,
Ovodenko [9] exploits these policies to determine the main cryptographic algorithms and
protocols that are necessary and possible to use in distance education systems to ensure an
acceptable level of security. Also, regular training and awareness programs are conducted to
educate faculty, staff, and students about the importance of information security and to
promote a culture of security-conscious behavior. By prioritizing information security and
implementing comprehensive policies and procedures, higher education institutions can
mitigate the risks associated with cyber threats and safeguard their valuable information
assets. This, in turn, enables them to maintain their reputation, establish trust among
stakeholders, and continue providing a secure and productive educational environment.
The purpose of the systematic review mentioned in the introduction is to apply a theoretical
framework that can assist in enhancing information security in Libyan higher education
institutions. This review aims to provide a comprehensive understanding of the current
challenges in information security that these institutions face and propose effective strategies
to mitigate those challenges.
The systematic review process involves gathering and analysing relevant literature, including
academic papers, reports, and studies, to identify the existing theoretical frameworks and best
practices in information security. By examining a wide range of sources, the review aims to
establish a solid foundation of knowledge and provide insights into the unique context of
Libyan higher education institutions. Ultimately, the goal of this systematic review is to
contribute to the enhancement of information security practices in Libyan higher education
institutions and ensure the confidentiality, integrity, and availability of their valuable data. By
utilizing a theoretical framework and examining relevant literature, the review aims to provide
valuable guidance and support to these institutions in their efforts to protect sensitive
information and combat potential threats and attacks.
METHOD
In this study, a systematic literature review method is utilized to assess the findings of previous
researchers, scientists, and practitioners. The review follows the guidelines presented in Okoli
and Schabram's [13] guide for conducting systematic reviews. This review summarizes previous
research on related topics and global studies that identify gaps in this area of research.
Okoli and Schabram's [13] guide for systematic literature reviews is followed for several
reasons:
• Credibility and expertise: Okoli and Schabram [13] are reputable authors in the field of
information systems research. Their guide is based on extensive research and practical
experience, making it a valuable resource for conducting systematic literature reviews.
• Clarity and comprehensiveness: The four-phase approach provided by Okoli and
Schabram [13] is clear and comprehensive, providing a step-by-step framework for
conducting a systematic review. This ensures that no important steps are missed and
that the review remains rigorous and well-structured.
• Applicability to various disciplines: Okoli and Schabram's [13] guide is not restricted to a
specific field but can be applied to various disciplines. This versatility makes it a widely
accepted and widely used framework for conducting systematic literature reviews.
• Alignment with established standards: Okoli and Schabram's [13] guide aligns with established
standards and best practices for conducting systematic reviews. Following their
approach ensures that the review meets the requirements of rigor and transparency,
making the findings more reliable and valid.
Therefore, Okoli and Schabram's [13] guide is followed for conducting systematic literature
reviews due to its credibility, clarity, applicability, and alignment with established standards.
By following this guide, researchers can ensure a thorough and well-structured review that
contributes meaningfully to the existing body of knowledge.