Information security conscious care behaviour formation in organizations. Issue 53 (September 2015)
- Record Type:
- Journal Article
- Title:
- Information security conscious care behaviour formation in organizations. Issue 53 (September 2015)
- Main Title:
- Information security conscious care behaviour formation in organizations
- Authors:
- Safa, Nader Sohrabi
Sookhak, Mehdi
Von Solms, Rossouw
Furnell, Steven
Ghani, Norjihan Abdul
Herawan, Tutut - Abstract:
- Abstract: Today, the Internet can be considered to be a basic commodity, similar to electricity, without which many businesses simply cannot operate. However, information security for both private and business aspects is important. Experts believe that technology cannot solely guarantee a secure environment for information. Users' behaviour should be considered as an important factor in this domain. The Internet is a huge network with great potential for information security breaches. Hackers use different methods to change confidentiality, integrity, and the availability of information in line with their benefits, while users intentionally or through negligence are a great threat for information security. Sharing their account information, downloading any software from the Internet, writing passwords on sticky paper, and using social security numbers as a username or password are examples of their mistakes. Users' negligence, ignorance, lack of awareness, mischievous, apathy and resistance are usually the reasons for security breaches. Users' poor information security behaviour is the main problem in this domain and the presented model endeavours to reduce the risk of users' behaviour in this realm. The results of structural equation modelling (SEM) showed that Information Security Awareness, Information Security Organization Policy, Information Security Experience and Involvement, Attitude towards information security, Subjective Norms, Threat Appraisal, and InformationAbstract: Today, the Internet can be considered to be a basic commodity, similar to electricity, without which many businesses simply cannot operate. However, information security for both private and business aspects is important. Experts believe that technology cannot solely guarantee a secure environment for information. Users' behaviour should be considered as an important factor in this domain. The Internet is a huge network with great potential for information security breaches. Hackers use different methods to change confidentiality, integrity, and the availability of information in line with their benefits, while users intentionally or through negligence are a great threat for information security. Sharing their account information, downloading any software from the Internet, writing passwords on sticky paper, and using social security numbers as a username or password are examples of their mistakes. Users' negligence, ignorance, lack of awareness, mischievous, apathy and resistance are usually the reasons for security breaches. Users' poor information security behaviour is the main problem in this domain and the presented model endeavours to reduce the risk of users' behaviour in this realm. The results of structural equation modelling (SEM) showed that Information Security Awareness, Information Security Organization Policy, Information Security Experience and Involvement, Attitude towards information security, Subjective Norms, Threat Appraisal, and Information Security Self-efficacy have a positive effect on users' behaviour. However, Perceived Behavioural Control does not affect their behaviour significantly. The Protection Motivation Theory and Theory of Planned Behaviour were applied as the backbone of the research model. … (more)
- Is Part Of:
- Computers & security. Issue 53(2015)
- Journal:
- Computers & security
- Issue:
- Issue 53(2015)
- Issue Display:
- Volume 53, Issue 53 (2015)
- Year:
- 2015
- Volume:
- 53
- Issue:
- 53
- Issue Sort Value:
- 2015-0053-0053-0000
- Page Start:
- 65
- Page End:
- 78
- Publication Date:
- 2015-09
- Subjects:
- Information security -- Conscious care behaviour -- Awareness -- Risk -- Organization policy
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2015.05.012 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 895.xml