Assessing information security attitudes: a comparison of two studies. (13th June 2016)
- Record Type:
- Journal Article
- Title:
- Assessing information security attitudes: a comparison of two studies. (13th June 2016)
- Main Title:
- Assessing information security attitudes: a comparison of two studies
- Authors:
- Pattinson, Malcolm
Parsons, Kathryn
Butavicius, Marcus
McCormac, Agata
Calic, Dragana - Abstract:
- Abstract : Purpose: The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours. Design/methodology/approach: In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations. Findings: There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated. Research limitations/implications: The small sample size ( n = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results. Practical implications: This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design interventionAbstract : Purpose: The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours. Design/methodology/approach: In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations. Findings: There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated. Research limitations/implications: The small sample size ( n = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results. Practical implications: This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation. Originality/value: The literature review indicates that this study addresses a genuine gap in the research. … (more)
- Is Part Of:
- Information and computer security. Volume 24:Number 2(2016)
- Journal:
- Information and computer security
- Issue:
- Volume 24:Number 2(2016)
- Issue Display:
- Volume 24, Issue 2 (2016)
- Year:
- 2016
- Volume:
- 24
- Issue:
- 2
- Issue Sort Value:
- 2016-0024-0002-0000
- Page Start:
- 228
- Page End:
- 240
- Publication Date:
- 2016-06-13
- Subjects:
- Theory of planned behaviour -- Information security (InfoSec) -- InfoSec behaviour -- Repertory grid technique (RGT)
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-01-2016-0009 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8149.xml