Security-related behavior in using information systems in the workplace: A review and synthesis

Security-related behavior in the workplace has recently drawn much attention from scholars in the information systems literature. Many studies, however, have reported inconsistent and sometimes contradictory results about the effects of some key factors such as sanctions. We argue that one of the reasons causing the inconsistent findings is the divergent conceptualizations of security-related behavior. In this paper, we conducted an extensive review of the divergent concepts. Many of the concepts overlap with each other on some dimensions and yet are different on others. By delineating and synthesizing the differences, we proposed a framework for conceptualizing security-related behavior. The framework can facilitate the development of consistent and comparable terms and concepts in future studies. Implications for research are also discussed.