Information security culture model for Malaysian organizations: A review

The establishment of Information Security Culture (ISC) has been recommended for improving employees’ information security in the organization. To date, there is still no clear guidance or model for assessing and cultivating ISC for Malaysian organizations, despite some Malaysian-based studies being carried out. In order to shed light to this issue, we reviewed all ISC models developed in Malaysian context to identify models for particular types of organization in Malaysia. Three major databases of Web of Science, Scopus and Google Scholar were systematically exhausted and we found only six papers from 2000 to 2018 that met our selection criteria. Our analysis revealed that there is a lack of validated ISC models have been produced for particular types of organization. The current model only applicable to healthcare, library and public organizations in Malaysia. In addition, there is a lack of consistency in terms of ISC factors used in the ISC models and there is no common set of factors could be applied for all type of Malaysian organization. This review has amplified the need for a more thorough and in-depth studies for ISC model in Malaysian context