Education, Training, Awareness, Knowledge, and Compliance with the Information Security Policy

Abstract

Due to information security’s (IS) importance in protecting organizations’ data, international standards, norms, and best practices have been proposed for managing IS. Organizations establish the information security management systems and the information security policies (PSI) that their organizational collaborators must adopt. However, organizations continue to experience IS incidents because of more than the information technologies required or norms established for PSI compliance – the components of the people within the system who ensure policy compliance are also crucial. This article aims to understand the influence that education, training, awareness, and knowledge have on PSI compliance, directly or indirectly, via a literature review of articles published in indexed databases. The results show that education, training, and awareness programmes relate to PSI compliance intentions, while security knowledge influences attitudes towards compliance with the PSI. © 2023, Associacao Iberica de Sistemas e Tecnologias de Informacao. All rights reserved.