Taxonomy-based approach for understanding and enhancing security culture in universities
Context: Recent studies have highlighted a growing interest in security culture. Frameworks and standards currently exist, offering cybersecurity regulatory guidelines for organizations both locally and internationally, as evidenced in the literature. However, research on information security culture...
| Main Authors: | Mona Albinali, Mahmood Niazi, Mohammad Alshayeb, Sajjad Mahmood, Arif Ali Khan |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | PeerJ Inc. 2025-07-01 |
| Series: | PeerJ Computer Science |
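| Subjects: | Software engineering; Multivocal literature review (MLR); Information security culture (ISC); Security; Best practices; Knowledge area |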
| Online Access: | https://peerj.com/articles/cs-3005.pdf |
| _version_ | 1849701936070131712 |
|---|---|
| author | Mona Albinali; Mahmood Niazi; Mohammad Alshayeb; Sajjad Mahmood; Arif Ali Khan |
| author_facet | Mona Albinali; Mahmood Niazi; Mohammad Alshayeb; Sajjad Mahmood; Arif Ali Khan |
| author_sort | Mona Albinali |
| collection | DOAJ |
| description | Context: Recent studies have highlighted a growing interest in security culture. Frameworks and standards currently exist, offering cybersecurity regulatory guidelines for organizations both locally and internationally, as evidenced in the literature. However, research on information security culture (ISC) within universities remains limited. Moreover, there is a notable absence of professional and academic investigations into ISC. Objectives: In this article we aim to thoroughly examine ISC in universities through four main objectives. First, we will identify essential knowledge areas (KAs) in this field. Second, we will analyze best practices (BPs) used to promote security culture in universities. Third, we will explore where these practices can be applied across different university areas. Finally, we will create a detailed taxonomy to organize the aspects of ISC in university settings. Method: We employed a multivocal literature review (MLR) approach to identify the primary KAs and BPs for understanding and enhancing security culture in universities. We scrutinized 81 primary studies from formal (FL; peer-reviewed) and grey literature (GL; blogs, web pages, white papers). These studies span the past 14 years, from 2010 to 2024. Results: We identified 12 main KAs and 76 best practice areas from both FL and GL. Our findings have enabled us to establish a taxonomy of security culture in universities. This comprehensive categorization serves as a valuable resource for understanding aspects of security culture. Conclusion: This study will assist researchers and practitioners in finding relevant studies from the FL and GL to obtain evidence that will help develop an ISC model. Moreover, it has shed light on several areas that warrant further research and development to enhance security culture. |
| format | Article |
| id | doaj-art-ed5cc1da93cf4c76b2cf6cff91efa2bd |
| institution | DOAJ |
| issn | 2376-5992 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | PeerJ Inc. |
| record_format | Article |
| series | PeerJ Computer Science |
| spelling | doaj-art-ed5cc1da93cf4c76b2cf6cff91efa2bd; 2025-08-20T03:17:47Z; eng; PeerJ Inc.; PeerJ Computer Science; 2376-5992; 2025-07-01; 11; e3005; 10.7717/peerj-cs.3005; Taxonomy-based approach for understanding and enhancing security culture in universities; Mona Albinali (0), Mahmood Niazi (1), Mohammad Alshayeb (2), Sajjad Mahmood (3), Arif Ali Khan (4); (0)-(3) Department of Information and Computer Science, King Fahad University of Petroleum and Minerals, Dhahran, Saudi Arabia; (4) M3S Empirical Software Engineering Research Unit, University of Oulu, Oulu, Finland; https://peerj.com/articles/cs-3005.pdf; Software engineering; Multivocal literature review (MLR); Information security culture (ISC); Security; Best practices; Knowledge area |
| spellingShingle | Mona Albinali Mahmood Niazi Mohammad Alshayeb Sajjad Mahmood Arif Ali Khan Taxonomy-based approach for understanding and enhancing security culture in universities PeerJ Computer Science Software engineering Multivocal literature review (MLR) Information security culture (ISC) Security Best practices Knowledge area |
| title | Taxonomy-based approach for understanding and enhancing security culture in universities |
| title_full | Taxonomy-based approach for understanding and enhancing security culture in universities |
| title_fullStr | Taxonomy-based approach for understanding and enhancing security culture in universities |
| title_full_unstemmed | Taxonomy-based approach for understanding and enhancing security culture in universities |
| title_short | Taxonomy-based approach for understanding and enhancing security culture in universities |
| title_sort | taxonomy based approach for understanding and enhancing security culture in universities |
| topic | Software engineering; Multivocal literature review (MLR); Information security culture (ISC); Security; Best practices; Knowledge area |
| url | https://peerj.com/articles/cs-3005.pdf |