Palabras clave
Análisis Bibliométrico
Ciberseguridad Organizacional
Comportamiento del Usuario
Concienciación en Seguridad
Cómo citar
Resumen
Introducción: La cultura de ciberseguridad se ha convertido en un componente clave en la protección de los activos digitales de las empresas, dado que a pesar de todos los controles técnicos que se puedan implementar para garantizar la seguridad de la información, la influencia del comportamiento humano frente a las amenazas informáticas es primordial. Objetivo: Analizar el comportamiento de la documentación e investigación sobre cultura de ciberseguridad en entornos empresariales durante el periodo 2005–2025. Metodología: Estudio bibliométrico y cienciométrico de 74 artículos obtenidos de la base de datos Scopus. Se aplicaron indicadores de productividad, colaboración, coocurrencia de palabras clave, redes de coautoría y análisis de citas. Resultados: Se evidencia una tendencia creciente en la producción científica a partir de 2017, con una línea de crecimiento exponencial ajustada a un R² = 0.41. Se identificó un enfoque temático centrado en tres ejes: cultura organizacional, comportamiento del usuario y estrategias de concienciación. Destacan autores como Da Veiga, L.V.; Hart, S.; y Rawindaran, N., así como instituciones del Reino Unido, Malasia y Estados Unidos. Conclusiones: La cultura de ciberseguridad es un ámbito en desarrollo que busca entender cómo los elementos humanos y organizacionales influyen en la gestión de riesgos digitales. Las investigaciones actuales se centran en la gamificación para la concientización, la evaluación de la madurez cultural y la cooperación internacional para mejorar las prácticas de seguridad digital en empresas.
Citas
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/J.COSE.2020.102003
Bada, M., Sasse, A. M., & Nurse, J. R. C. (2019). Cyber Security Awareness Campaigns: Why do they fail to change behaviour? https://arxiv.org/pdf/1901.02672
Bongiovanni, I. (2019). The least secure places in the universe? A systematic literature review on information security management in higher education. Computers & Security, 86, 350–357. https://doi.org/10.1016/J.COSE.2019.07.003
Cheng, E. C. K. ;, Wang, T., Cheng, E. C. K., & Wang, T. (2022). Institutional Strategies for Cybersecurity in Higher Education Institutions. Information 2022, Vol. 13, Page 192, 13(4), 192. https://doi.org/10.3390/INFO13040192
Cone, B. D., Irvine, C. E., Thompson, M. F., & Nguyen, T. D. (2007). A video game for cyber security training and awareness. Computers & Security, 26(1), 63–72. https://doi.org/10.1016/J.COSE.2006.10.005
Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713. https://doi.org/10.1016/J.COSE.2020.101713
Da Veiga, A., & Eloff, J. H. P. (2010). A framework and assessment instrument for information security culture. Computers & Security, 29(2), 196–207. https://doi.org/10.1016/J.COSE.2009.09.002
Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162–176. https://doi.org/10.1016/J.COSE.2014.12.006
D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective. Journal of Management Information Systems, 31(2), 285–318. https://doi.org/10.2753/MIS0742-1222310210
Furnell, S. M., Clarke, N., & Lacey, D. (2010). Understanding and transforming organizational security culture. Information Management & Computer Security, 18(1), 4–13.
https://doi.org/10.1108/09685221011035223
Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346. https://doi.org/10.1016/J.HELIYON.2017.E00346
Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A Serious Game for Cyber Security Awareness and Education. Computers & Security, 95, 101827. https://doi.org/10.1016/J.COSE.2020.101827
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69–79. https://doi.org/10.1016/J.IM.2013.10.001
Kajzer, M., Darcy, J., Crowell, C. R., Striegel, A., & Van Bruggen, D. (2014). An exploratory investigation of message-person congruence in information security awareness campaigns. Computers & Security, 43, 64–76. https://doi.org/10.1016/J.COSE.2014.03.003
Offner, K. L., Sitnikova, E., Joiner, K., & MacIntyre, C. R. (2020). Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intelligence and National Security, 35(4), 556–585. https://doi.org/10.1080/02684527.2020.1752459
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176. https://doi.org/10.1016/J.COSE.2013.12.003
Progoulakis, I., Rohmeyer, P., & Nikitakos, N. (2021). Cyber Physical Systems Security for Maritime Assets. Journal of Marine Science and Engineering 2021, Vol. 9, Page 1384, 9(12), 1384. https://doi.org/10.3390/JMSE9121384
Rawindaran, N., Jayal, A., & Prakash, E. (2021). Machine Learning Cybersecurity Adoption in Small and Medium Enterprises in Developed Countries. Computers 2021, Vol. 10, Page 150, 10(11), 150. https://doi.org/10.3390/COMPUTERS10110150
Rocha Flores, W., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers & Security, 59, 26–44. https://doi.org/10.1016/J.COSE.2016.01.004
Schlienger, T., & Teufel, S. (2005). Tool Supported Management of Information Security Culture. IFIP Advances in Information and Communication Technology, 181, 65–77. https://doi.org/10.1007/0-387-25660-1_5
Tejay, G. P. S., & Mohammed, Z. A. (2023). Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective. Information & Management, 60(3), 103751. https://doi.org/10.1016/J.IM.2022.103751
Uchendu, B., Nurse, J. R. C., Bada, M., & Furnell, S. (2021). Developing a cyber security culture: Current practices and future needs. Computers & Security, 109, 102387.
https://doi.org/10.1016/J.COSE.2021.102387
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from Habit and Protection Motivation Theory. Information & Management, 49(3–4), 190–198. https://doi.org/10.1016/J.IM.2012.04.002
Wong, W. P., Tan, H. C., Tan, K. H., & Tseng, M. L. (2019). Human factors in information leakage: mitigation strategies for information sharing integrity. Industrial Management & Data Systems, 119(6), 1242–1267. https://doi.org/10.1108/IMDS-12-2018-0546