Taxonomy of compliant information security behavior

This paper aims at surveying the extrinsic and intrinsic motivations that influence the propensity toward compliant information security behavior. Information security behavior refers to a set of core information security activities that have to be adhered to by end-users to maintain information security as defined by information security policies. The intention is to classify the research done on compliant information security behavior from an end-user perspective and arrange it as a taxonomy predicated on Self-Determination Theory (SDT). In addition, the relative significance of factors that contribute to compliant information security behavior is evaluated on the basis of empirical studies. The taxonomy will be valuable in providing a comprehensive overview of the factors that influence compliant information security behavior and in identifying areas that require further research.