•  
  •  
 
Communications of the Association for Information Systems

Author ORCID Identifier

Rongen Zhang: https://orcid.org/0000-0003-2883-1546

Eun Hee Park: https://orcid.org/0000-0002-9831-8951

Yoongi Kim: https://orcid.org/0009-0004-2822-4230

Jongwoo Kim: https://orcid.org/0000-0001-5656-4436

Abstract

This study provides a comprehensive analysis of the evolving landscape of information security research from 2015 to 2022. Through a detailed examination of 193 articles, we identify the prevailing research paradigms and methods that correspond to different types of theoretical contributions. Specifically, we categorize theoretical contributions into theory building (i.e., theory builder, refiner, and theory-NA) and theory testing (i.e., tester and non-tester). Our findings reveal that while 72.6% of information security studies’ theoretical contributions fall into the category of “refiner,” which extends existing theories, only 9.3% of information security studies provided significant theoretical contributions as “builder.” These “builder” studies predominantly adopted positivism and interpretivism paradigms, using methods such as surveys, lab experiments, and field studies. In contrast, both “refiner” and “tester” studies primarily adopted a positivist perspective, with lab experiments, surveys, and case studies being the preferred methods. By mapping out these patterns and trends, our review extends beyond the scope of existing literature, which typically concentrates on specific domains. In the rapidly evolving domain of information security, this study enriches our understanding of current research dynamics and offers pathways for future inquiries to align the choice of research paradigms and methods with the desired type of theoretical contributions.

DOI

10.17705/1CAIS.05752

Download

Share

COinS
 

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.