Article Review #1: Organizational and Psychological
Determinants of Cybersecurity Compliance
Student Name: Deonta Carmack
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and Social Sciences
Instructor Name: Diwakar Yalpi
Date: 2/23/2025
Introduction / BLUF
This article examines “Controlling Cyber Crime through Information Security
Compliance Behavior: Role of Cybersecurity Awareness, Organizational Culture and Trust in
Management” by Ghaleb and Pardaev (2025). The study explores how organizational culture,
cybersecurity awareness, employee engagement, and trust in management shape employees’
security compliance behavior in production companies. Because cybersecurity incidents
increasingly stem from human behavior rather than technical failures, the article’s focus aligns
closely with social science principles, organizational psychology, and human behavior in
workplace systems.
Connection to Social Science Principles
The article is grounded in core social science concepts, particularly organizational
behavior, social learning theory, and psychological determinants of decision-making. The
authors emphasize that employees’ cybersecurity actions are shaped by cultural norms, perceived
expectations, and interpersonal trust which are key themes in sociology and psychology. For
example, the article notes that “human actions tend to be the weakest link in cybersecurity
frameworks” (Ghaleb & Pardaev, 2025, p. 1), highlighting the social and behavioral dimensions
of cyber risk. The study also draws on theories such as the Theory of Planned Behavior and
Protection Motivation Theory, both of which explain how attitudes, norms, and perceived control
influence compliance.
Research Question, Hypotheses, IV, and DV
The authors present four central research questions addressing how organizational
culture, cybersecurity awareness, employee engagement, and trust in management influence
compliance behavior. From these questions, six hypotheses were developed. Examples include:
- H1: Organizational culture significantly influences information security compliance behavior.
- H2: Cybersecurity awareness significantly influences compliance behavior.
- H3: Employee engagement moderates the relationship between awareness and compliance.
- H4: Employee engagement moderates the relationship between organizational culture and
compliance. - H5–H6: Trust in top management mediates the effects of culture and awareness on compliance.
Independent Variables (IVs): - Organizational culture
- Cybersecurity awareness
- Employee engagement (moderator)
- Trust in management (mediator)
Dependent Variable (DV): - Information security compliance behavior
Research Methods
The study uses quantitative research design, surveying 261 employees across production
companies. The authors used pre-tested scales from prior literature to measure each construct,
ensuring reliability and validity. The analysis was conducted using Structural Equation Modeling
(SEM) in STATA, which allowed the researchers to test direct, moderate, and mediating
relationships simultaneously. SEM is appropriate for complex behavioral models and aligns with
social science methodological standards.
Data and Analysis
The data consisted of employee survey responses measuring perceptions of culture,
awareness, engagement, trust, and compliance. The authors applied SEM to evaluate model
fitness and test hypotheses. According to the article, “all six hypotheses were confirmed,
ensuring the structural validity of the suggested model” (Ghaleb & Pardaev, 2025, p. 1). The
analysis demonstrated that organizational culture, cybersecurity awareness, and employee
involvement strongly predict compliance behavior, while trust in management serves as a
significant mediator.
Connection to Course PowerPoints
The article aligns several concepts from class PowerPoints, including: - Human factors in cybersecurity: The study reinforces the idea that people, not technology, are
the primary vulnerability in cyber systems. - Organizational culture and leadership: The PowerPoints emphasize how leadership behavior
and cultural norms shape employee actions, which mirrors the article’s findings that culture and
trust strongly influence compliance. - Behavioral models: The article’s use of the Theory of Planned Behavior and Protection
Motivation Theory connects directly to course discussions about how attitudes, norms, and
perceived risk shape cybersecurity decisions. - Cybersecurity awareness training: The PowerPoints highlight the importance of ongoing
training, which the article supports by showing that awareness significantly improves
compliance.
Relevance to Marginalized Groups
Although the article does not explicitly focus on marginalized groups, its themes are
highly relevant to equity and inclusion in cybersecurity workplaces. Marginalized employees
such as women, racial minorities, or workers in lower-status roles often experience reduced trust
in management, limited access to training, or exclusion from organizational decision-making.
Because the study finds that trust, awareness, and engagement are key predictors of compliance,
organizations must ensure that marginalized groups receive equitable support, training, and
communication. Without this, disparities in cybersecurity readiness may widen, placing certain
groups at greater risk of blame or disciplinary action when breaches occur.
Contributions of the Study to Society
This study contributes significantly to both cybersecurity practice and social science
research. It demonstrates that effective cybersecurity requires more than technical tools. It
requires understanding human behavior, organizational culture, and psychological trust. By
showing that “organizational culture, awareness in cybersecurity, and employee involvement
strongly predict information security compliance behavior” (Ghaleb & Pardaev, 2025, p. 1), the
authors provide actionable insights for managers seeking to reduce cybercrime risks. The
findings encourage organizations to invest in training, build supportive cultures, and strengthen
trust, ultimately improving workplace security and societal resilience against cyber threats.
Conclusion
Ghaleb and Pardaev’s (2025) study offer a comprehensive and socially grounded
understanding of cybersecurity compliance. By integrating organizational culture, awareness,
engagement, and trust into a single model, the authors highlight the complex human factors that
shape secure behavior. The article aligns closely with social science principles and course
concepts, demonstrating that cybersecurity is fundamentally a behavioral and organizational
challenge. Its insights help organizations create more inclusive, trustworthy, and effective
cybersecurity environments, ultimately contributing to safer digital practices across society.
References
Ghaleb, M. M. S., & Pardaev, J. (2025). Controlling cybercrime through information security
compliance behavior: Role of cybersecurity awareness, organizational culture and trust in
management. International Journal of Cyber Criminology, 19(1), 1–26.
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/437/123
Article Review #2: Controlling Cyber Crime through
Information Security Compliance Behavior
Student Name: Deonta Carmack
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor Name: Professor Yalpi
Date: Apr 13th, 2026
Introduction/BLUF
This article examines how organizational culture, cybersecurity awareness, employee
engagement, and trust in management influence information security compliance behavior within
production companies. BLUF: The study concludes that cybersecurity compliance is driven
primarily by human and organizational factors rather than technical controls. Culture, awareness,
and trust significantly shape whether employees follow security policies.
Relation/Connection to Social Science Principles
The article reflects core social science principles such as organizational behavior, human
decision‑making, institutional influence, workplace culture, and the psychology of compliance.
The authors emphasize that cybersecurity is fundamentally social, noting that “organizational
culture, awareness, and trust strongly predict information security compliance behavior.” This
aligns with social science theories showing that human behavior is shaped by norms, leadership,
and perceived legitimacy.
Research Question /Hypothesis/ Independent Variable/Dependent Variable
Research Questions:
- How does organizational culture influence employees’ information security compliance?
- To what extent does cybersecurity awareness affect compliance behavior?
- Does employee engagement moderate the effects of culture and awareness?
- Does trust in top management mediate organizational influences on compliance?
Hypotheses:
● Organizational culture significantly increases compliance behavior.
● Cybersecurity awareness significantly increases compliance behavior.
● Employee engagement moderates the relationship between awareness/culture and
compliance.
● Trust in management mediates the relationship between organizational factors and
compliance.
Independent Variables:
Organizational culture; cybersecurity awareness; employee engagement (moderator); trust in
management (mediator).
Dependent Variable:
Information security compliance behavior.
Types of Research Methods used
The study uses quantitative survey research, collecting data from 261 employees across multiple
departments in production companies. The authors rely on validated scales from prior literature
to measure culture, awareness, engagement, trust, and compliance. This structured approach
allows for statistical testing of relationships between variables.
Types of Data Analysis used
The authors use Structural Equation Modeling (SEM) via STATA, along with descriptive
statistics and model‑fit testing. They report that “all six hypotheses were confirmed,”
demonstrating strong statistical support for the proposed model. SEM allows the researchers to
test direct, indirect, and moderating effects simultaneously which is ideal for studying complex
organizational behavior.
Connections to other Course Concepts
This study connects to course concepts such as human factors in cybersecurity, organizational
culture and leadership, risk perception, cyber hygiene, and institutional trust. It reinforces the
idea that cybersecurity failures often stem from human behavior, not technology. This is a
recurring theme in our course discussions.
Connections to the Concerns or contributions of Marginalized Groups
While the article does not directly focus on marginalized groups, its findings have implications
for them. Employees with less access to training, lower organizational status, or limited exposure
to cybersecurity concepts may struggle more with compliance expectations. The study’s
emphasis on awareness, culture, and trust suggests that organizations must ensure equitable
access to training and supportive leadership so that all employees including those in lower‑status
or non‑technical roles can comply effectively.
Overall societal contributions of the study/Conclusion
This study contributes to society by demonstrating that effective cybersecurity depends on
organizational culture, employee awareness, and trust not just technical defenses. It encourages
managers to invest in training, communication, and leadership practices that support secure
behavior. By integrating organizational psychology with cybersecurity research, the study
advances our understanding of how human factors shape digital safety and highlights the need
for holistic, people‑centered cybersecurity strategies.
Reference
Ghaleb, M. M. S., & Pardaev, J. (2025). Controlling cybercrime through information security compliance
Behavior: Role of cybersecurity awareness, organizational culture, and trust in management. International
Journal of Cyber Criminology, 19(1), 1–26.
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/437/123
Article Link:
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/437/123