Author ORCID Identifier
Rahul Dwivedi: https://orcid.org/0000-0001-9994-1991
George Mangalaraj: https://orcid.org/0000-0003-1024-5477
Abstract
Cybersecurity remains a significant area of concern and interest for organizations and researchers. Despite the attention it has attracted among scholars, there has yet to be a systematic effort to investigate the relevance and rigor of prior research. This study aims to fill this void. Specifically, we leverage BERTopic modeling and OpenAI's LLM capability to derive 19 topics from cybersecurity research published in premier Information Systems (IS) journals, representing both technical and social/behavioral aspects. We then mapped these research topics on the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) to examine the relevance of prior research. Our analysis reveals that IS research covers all the core functions of NIST CSF at varying levels. We further examine the rigor of the published research by inspecting its theoretical and methodological bases. IS researchers have anchored their studies in diverse theoretical and methodological approaches, with some theories/methods being more dominant. Our study affirms that IS cybersecurity research is both relevant and rigorous and discusses opportunities for advancing its intellectual boundaries through targeted research.
DOI
10.17705/1CAIS.05737
Recommended Citation
Dwivedi, R., & Mangalaraj, G. (2025). Relevance and Rigor of Information Systems Cybersecurity Research: An Exploratory Analysis. Communications of the Association for Information Systems, 57, 847-877. https://doi.org/10.17705/1CAIS.05737
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
