Information Security Research in the Information Systems Discipline: A Thematic Review and Future Research Directions

Information security continues to grow in importance in all aspects of society and therefore evolves as a prevalent research area. The information systems (IS) discipline offers a unique perspective to move this stream of literature forward. Using a semiautomated thematic analysis approach based on the topic modeling technique, we review a broad range of information security literature to investigate how we may integrate and advance our understanding of information security. Our analysis reveals four major themes, including information security policy (ISP) compliance, motivations and susceptibility, software security decisions, and firm security strategy. We also identify a theme of security in broader contexts, in which studies consider the societal impacts of information security and online hacker behavior. This review contributes to IS literature by 1) synthesizing the broad range of information security research published in the top journals of the field, moving beyond prior reviews focusing on a narrower scope such as individual ISP compliance; 2) identifying major themes and proposing an overarching research framework encompassing these themes and their interconnections, allowing us to envision future research directions; and 3) enumerating a semiautomated topic modeling approach that other researchers can employ.