ISP不合规研究中变量定义和测量项目的概念不一致性：系统文献综述

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-08 DOI:10.1016/j.cose.2025.104365

Marcus Gerdin, Åke Grönlund, Ella Kolkowska

{"title":"ISP不合规研究中变量定义和测量项目的概念不一致性：系统文献综述","authors":"Marcus Gerdin, Åke Grönlund, Ella Kolkowska","doi":"10.1016/j.cose.2025.104365","DOIUrl":null,"url":null,"abstract":"<div><div>The rich stream of research focusing on employee non-/compliance with information security policies (ISPs) suffers from inconsistent results. Attempts to explain such inconsistencies have included investigation of possible contextual moderating factors. Another promising, yet not systematically investigated, explanation concerns conceptual inconsistencies in variable definitions and in questionnaire measurement items.</div><div>Based on a systematic literature review covering 36 ISP non-/compliance articles using Protection Motivation Theory (PMT) and/or Theory of Planned Behavior (TPB), we found four major types of conceptual inconsistencies and unclarities within and across studies; (i) inconsistencies in variable definitions; (ii) inconsistencies between variable measurement items; (iii) inconsistencies between variable definitions and measurement items; and (iv) unclearly/vaguely worded measurement items. The review contributes to the field by demonstrating that the inconsistent results in the field may not only be due to unknown contextual moderators, but also to conceptual incongruences within and across studies.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104365"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research: A systematic literature review\",\"authors\":\"Marcus Gerdin, Åke Grönlund, Ella Kolkowska\",\"doi\":\"10.1016/j.cose.2025.104365\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The rich stream of research focusing on employee non-/compliance with information security policies (ISPs) suffers from inconsistent results. Attempts to explain such inconsistencies have included investigation of possible contextual moderating factors. Another promising, yet not systematically investigated, explanation concerns conceptual inconsistencies in variable definitions and in questionnaire measurement items.</div><div>Based on a systematic literature review covering 36 ISP non-/compliance articles using Protection Motivation Theory (PMT) and/or Theory of Planned Behavior (TPB), we found four major types of conceptual inconsistencies and unclarities within and across studies; (i) inconsistencies in variable definitions; (ii) inconsistencies between variable measurement items; (iii) inconsistencies between variable definitions and measurement items; and (iv) unclearly/vaguely worded measurement items. The review contributes to the field by demonstrating that the inconsistent results in the field may not only be due to unknown contextual moderators, but also to conceptual incongruences within and across studies.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"152 \",\"pages\":\"Article 104365\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2025-02-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825000549\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000549","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

针对员工不遵守信息安全策略（isp）的大量研究结果并不一致。解释这种不一致的尝试包括对可能的背景调节因素的调查。另一个有希望但尚未系统调查的解释涉及变量定义和问卷测量项目的概念不一致。基于对36篇使用保护动机理论（PMT）和/或计划行为理论（TPB）的ISP不合规文章的系统文献综述，我们发现研究内部和研究之间的概念不一致和不清晰主要有四种类型；(i)变量定义不一致；（ii）变量测量项目之间的不一致；（三）变量定义与测量项目不一致；（四）表述不清/模糊的测量项目。该综述通过证明该领域不一致的结果可能不仅是由于未知的语境调节因子，而且是由于研究内部和研究之间的概念不一致，从而对该领域做出了贡献。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research: A systematic literature review

The rich stream of research focusing on employee non-/compliance with information security policies (ISPs) suffers from inconsistent results. Attempts to explain such inconsistencies have included investigation of possible contextual moderating factors. Another promising, yet not systematically investigated, explanation concerns conceptual inconsistencies in variable definitions and in questionnaire measurement items.

Based on a systematic literature review covering 36 ISP non-/compliance articles using Protection Motivation Theory (PMT) and/or Theory of Planned Behavior (TPB), we found four major types of conceptual inconsistencies and unclarities within and across studies; (i) inconsistencies in variable definitions; (ii) inconsistencies between variable measurement items; (iii) inconsistencies between variable definitions and measurement items; and (iv) unclearly/vaguely worded measurement items. The review contributes to the field by demonstrating that the inconsistent results in the field may not only be due to unknown contextual moderators, but also to conceptual incongruences within and across studies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.