Figures & data
TABLE 1. Keywords Used for the Systematic Literature Review, Combining Items within Groups 1, 2, and 3 to Construct the Actual Search Queries
TABLE 2. Key Aspects the Final List of Organizational Characteristics Should Adhere to
TABLE 3. A Selection of OCs Overlapping with ISFAM Capabilities
TABLE 4. Overview of interviews performed with experts in IS
TABLE 5. Shortlist with 26 unique characteristics identified in literature, and the rationale whether to retain, merge, split, or remove the characteristic based on expert interviews
Fulford H, Doherty NF. 2003. The application of information security policies in large UK-based organizations: an exploratory investigation. Inf Manage Comp Sec. 11, 106–114. Kraemer S, Carayon P, Clem J. 2009. Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Sec. 28:509–520. Huang D, Patrick Rau P-L, Salvendy G, Gao F, Zhou J. 2011. Factors affecting perception of information security and their impacts on IT adoption and security practices. Int J Human-Comput Stud. 69:870–883. Rehage K, Hunt S, Nikitin F. 2008. Global technology audit guide: developing the IT audit plan. Altamonto Springs, FL, USA. Smith S, Jamieson R. Determining key factors in e-government information system security. Inf Syst Manage. 23:23–32. Dunkerley KD, Tejay G. 2011. A confirmatory analysis of information systems security success factors. 2011 44th Hawaii International Conference on System Sciences, Honolulu, Hawaii, 1–10. Milicevic D, Goeken M. 2013. Social factors in policy compliance—evidence found in literature to assist the development of policies in information security management. 2013 46th Hawaii International Conference on System Sciences, 4476–4484. Davis C, Schiller M, Wheeler K. 2010. IT auditing using controls to protect information assets. 2nd ed. McGraw-Hill. Kotulic AG, Clark JG. Why there aren’t more information security research studies. Inf Manage. 41:597–607. Hanseth O, Ciborra C. 2007. Risk, complexity and ICT. Cheltenham, UK: Edward Elgar Publishing. Kankanhalli A, Teo H-H, Tan BCY, Wei K-K. 2003. An integrative study of information systems security effectiveness. Int J Inf Manage. 23:139–154. Whitman M, Mattford H. 2011. Principles of information security. UK: Cengage Learning. Guttman B, Roback EA. 1995. Special Publication 800–12. An introduction to computer security: the NIST handbook. Gaithersburg, MD. Chang SE, Ho CB. 2006. Organizational factors to the effectiveness of implementing information security management. Ind Manage Data Syst. 106:345–361. Ein-Dor P, Segev E. 1978. Organizational context and the success of management information systems. Manage Sci. 24:1064–1077. Alner M. 2001. The effects of outsourcing on information security. Inf Syst Sec. 10: 1–9.