Factors in an end user security expertise instrument. (12th June 2017)
- Record Type:
- Journal Article
- Title:
- Factors in an end user security expertise instrument. (12th June 2017)
- Main Title:
- Factors in an end user security expertise instrument
- Authors:
- Rajivan, Prashanth
Moriano, Pablo
Kelley, Timothy
Camp, L. Jean - Abstract:
- Abstract : Purpose: The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent. Design/methodology/approach: A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates. Findings: There are levels to peoples' computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise. Practical implications: Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force usersAbstract : Purpose: The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent. Design/methodology/approach: A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates. Findings: There are levels to peoples' computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise. Practical implications: Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force users to exercise more cognitive processes than required. Originality/value: This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that security expertise instrument for end user should measure three cognitive dimensions: security skills, rules and knowledge. … (more)
- Is Part Of:
- Information and computer security. Volume 25:Number 2(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 2(2017)
- Issue Display:
- Volume 25, Issue 2 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 2
- Issue Sort Value:
- 2017-0025-0002-0000
- Page Start:
- 190
- Page End:
- 205
- Publication Date:
- 2017-06-12
- Subjects:
- Privacy -- Psychometrics -- Security -- Expertise -- Security comprehension
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-04-2017-0020 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2218.xml