Can perceptual differences account for enigmatic information security behaviour in an organisation?. Issue 61 (August 2016)
- Record Type:
- Journal Article
- Title:
- Can perceptual differences account for enigmatic information security behaviour in an organisation?. Issue 61 (August 2016)
- Main Title:
- Can perceptual differences account for enigmatic information security behaviour in an organisation?
- Authors:
- Kearney, W.D.
Kruger, H.A.
- Abstract:
- Highlights: Present two preceding social engineering tests and a trust survey as background and contextualisation. Present a perceptual differences study. Results offer some explanations to problems such as the privacy paradox. Propose a safe and secure information environment model.
Abstract: Information security in organisations is often threatened by risky behaviour of users. Despite information security awareness and training programmes, the human aspect of information security remains a critical and challenging component of a safe and secure information environment, and users reveal personal and confidential information regularly when asked for it. In an effort to explain and understand this so-called privacy paradox, this paper investigates aspects of trust and perceptual differences, based on empirical research. Two preceding social engineering exercises form the basis of the research project and are also presented as background information. Following the empirical work, a safe and secure information model is proposed. It is then argued that perceptual alignment of different organisational groups is a critical and prerequisite requirement to reach information security congruence between groups of people. In the context of the proposed model, the perceptual differences also offer some explanation as to why users with high levels of security awareness as well as high levels of trust in own and organisational capabilities so often fall victim to social engineering scams. The empirical work was performed at a large utility company and results are presented together with appropriate discussions.
- Is Part Of:
- Computers & security. Issue 61(2016)
- Journal:
- Computers & security
- Issue:
- Issue 61(2016)
- Issue Display:
- Volume 61, Issue 61 (2016)
- Year:
- 2016
- Volume:
- 61
- Issue:
- 61
- Issue Sort Value:
- 2016-0061-0061-0000
- Page Start:
- 46
- Page End:
- 58
- Publication Date:
- 2016-08
- Subjects:
- Information security awareness -- Phishing -- Social engineering -- Information security behaviour -- Trust -- Perceptual differences
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2016.05.006
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 1.xml