Taxonomy-based approach for understanding and enhancing security culture in universities

Taxonomy-based approach for understanding and enhancing security culture in universities

Context Recent studies have highlighted a growing interest in security culture. Frameworks and standards currently exist, offering cybersecurity regulatory guidelines for organizations both locally and internationally, as evidenced in the literature. However, research on information security culture...

Full description

Saved in:
Bibliographic Details
Main Authors: Mona Albinali, Mahmood Niazi, Mohammad Alshayeb, Sajjad Mahmood, Arif Ali Khan
Format: Article
Language:English
Published: PeerJ Inc. 2025-07-01
Series:PeerJ Computer Science
Subjects:
Software engineering
Multivocal literature review (MLR)
Information security culture (ISC)
Security
Best practices
Knowledge area
Online Access:https://peerj.com/articles/cs-3005.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Context Recent studies have highlighted a growing interest in security culture. Frameworks and standards currently exist, offering cybersecurity regulatory guidelines for organizations both locally and internationally, as evidenced in the literature. However, research on information security culture (ISC) within universities remains limited. Moreover, there is a notable absence of professional and academic investigations into ISC. Objectives In this article we aim to thoroughly examine ISC in universities through four main objectives. First, we will identify essential knowledge areas (KAs) in this field. Second, we will analyze best practices (BPs) used to promote security culture in universities. Third, we will explore where these practices can be applied across different university areas. Finally, we will create a detailed taxonomy to organize the aspects of ISC in university settings. Method We employed a multivocal literature review (MLR) approach to identify the primary KAs and BPs for understanding and enhancing security culture in universities. We scrutinized 81 primary studies from formal (FL; peer-reviewed) and grey literature (GL; blogs, web pages, white papers). These studies span the past 14 years, from 2010 to 2024. Results We identified 12 main KAs and 76 best practice areas from both FL and GL. Our findings have enabled us to establish a taxonomy of security culture in universities. This comprehensive categorization serves as a valuable resource for understanding aspects of security culture. Conclusion This study will assist researchers and practitioners in finding relevant studies from the FL and GL to obtain evidence that will help develop an ISC model. Moreover, it has shed light on several areas that warrant further research and development to enhance security culture.
ISSN:2376-5992

Similar Items