Haney, J. M., & Lutters, W. G. (2018). It's scary…it's confusing…it's dull: How cybersecurity advocates overcome negative perceptions of security. Proceedings of the fourteenth symposium on usable privacy and security. This journal article emphasizes the important role the cybersecurity advocate plays in motivating their audience to embrace change.
Georgescu, T.M. (2021). A study on how the pandemic changed the cybersecurity landscape. Informatica Economica, 25(1), 42–60. https://doi.org/10.24818/issn14531305/25.1.2021.04 This journal article highlights a study that investigated the impact of an external event (the pandemic) on organizational cybersecurity risk. The findings have implications for changes to security policy in response to internal and external changes faced by the organization.
Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13–24. https://doi.org/10.1016/j.ijinfomgt.2018.10.017 In this journal article, the authors developed and tested operational measures to study information security behavior in the workplace. Specifically, they investigated the impact of cybersecurity policy awareness on threat appraisal, coping strategy, and information security compliance behavior.
Liervik, R. (2022). Understand, manage, and measure cyber risk: Practical solutions for creating a sustainable cyber program. Apress. The book provides tools and methods in a straight-forward practical manner to guide the management of the organizational cybersecurity program and helps practitioners pull cyber from a "technical" problem to a "business risk management" problem.