Human Behavioral Aspects in Information Systems Security Literature Review

Recent literature has identified three areas that must be considered when creating a secure information system: technical, formal and informal systems. With much of the literature focusing on the technical and formal systems, this paper explores the literature aimed at the informal system. The goal of this paper is to explore theories and empirical studies about human behavior and information systems security (ISS) to discover common denominators and best practices for organizations in regards to the softer side of security. The most commonly used theories in the behavioral aspects of ISS are theory of reasoned action, deterrence theory, social bond theory, social learning theory, and theory of planned behavior. The emerging themes that need more attention from organizations in regards to the human element and ISS are organization culture, training/awareness, and internal controls.