UPM Institutional Repository

Evolution of information security awareness towards maturity: a systematic review


Citation

Ahmad, Mohd Ridzam and Osman, Mohd Hafeez and Abdullah, Azizol and Sharif, Khaironi Yatim (2024) Evolution of information security awareness towards maturity: a systematic review. International Journal on Advanced Science, Engineering and Information Technology, 14 (5). pp. 1738-1747. ISSN 2088-5334; eISSN: 2460-6952

Abstract

This systematic review provides an in-depth analysis of existing information security awareness (ISA) maturity models. This review synthesizes findings from 25 scholarly articles, identifying standard dimensions such as risk management, organizational culture, training programs, policy compliance, and technical measures. Despite diverse approaches, significant gaps are evident, particularly the absence of tailored models for specific organizational types like public sector entities. Additionally, the reliance on self-reported data and expert opinions in many models introduces biases, limiting their applicability. The findings underscore the need for organizations to adopt a comprehensive approach to ISA maturity, combining technical controls with behavioral assessments. This holistic view is essential for developing robust ISA maturity frameworks to address evolving cyber threats. Emphasizing compliance with established standards, such as ISO/IEC 27001, is critical to enhancing ISA across industries. Future research should focus on validating and refining ISA maturity models in diverse contexts and industries. This includes testing models in different organizational settings to ensure broader applicability and developing frameworks integrating technical and behavioral dimensions. Addressing sector-specific tailoring, integrating technical and managerial aspects, and providing rigorous empirical validation are critical for developing more effective and adaptable models. Developing ISA maturity models specifically tailored for the public sector is vital due to these organizations’ unique challenges and responsibilities. Utilizing updated versions of standards like ISO 27000 series provides a robust framework for maintaining high information security awareness and preparedness standards. © 2024, Insight Society. All rights reserved.


Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.18517/ijaseit.14.5.20234
Publisher: Insight Society
Keywords: Cybersecurity frameworks; Information security awareness (ISA); ISO/IEC 27001; Maturity model
Depositing User: Ms. Azian Edawati Zakaria
Date Deposited: 01 Aug 2025 02:02
Last Modified: 01 Aug 2025 02:02
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.18517/ijaseit.14.5.20234
URI: http://psasir.upm.edu.my/id/eprint/118994
