Factors that Influence Information Security Behavior: An Australian Web-Based Study

详细信息    查看全文

• 关键词：Information security (InfoSec) ; Information risk ; Human aspects of cyber security (HACS) ; Behavioral information security ; Risk management
• 刊名：Lecture Notes in Computer Science
• 出版年：2015
• 出版时间：2015
• 年：2015
• 卷：9190
• 期：1
• 页码：231-241
• 全文大小：1,471 KB
• 参考文献：1.Abraham, S.: Information security behaviour: factors and research directions. In: AMCIS 2011 Proceedings - All Submissions, Paper 462 (2011)
  2.Pahnila, S., Siponen, M., Mahmood, A.: Employees-behavior towards IS security policy compliance. In: 40th Annual Hawaii International Conference on System Sciences (HICSS 2007). IEEE, Hawaii (2007)
  3.D’Arcy, J., Hovav, A., Galletta, D.: User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf. Syst. Res. 20(1), 79-8 (2009)View Article
  4.Anderson, C., Agarwal, R.: Practicing safe computing: a multimethod empirical examination of home computer user security behavioral intentions. MIS Q. 34(3), 613-43 (2010)
  5.Vance, A., Siponen, M., Pahnila, S.: Motivating IS security compliance: insights from habit and protection motivation theory. Inf. Manag. 49(3), 190-98 (2012)View Article
  6.Kajzer, M., et al.: An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 43, 64-6 (2014)View Article
  7.AS/NZS_ISO/IEC_27002: Information Technology - Security Techniques - Code of practice for Information security management. Standards Australia/Standards New Zealand (2006)
  8.NIST_SP800_100: Information Security Handbook: A Guide for Managers. National Institute of Standards and Technology, MD (2006)
  9.COBIT5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, IL (2012)
  10.John, O.P., Donahue, E.M., Kentle, R.L.: The Big Five Inventory—Versions 4a and 54. University of California, Institute of Personality and Social Research, Berkeley (1991)
  11.Gosling, S.D., Rentfrow, P.J., Swann Jr., W.B.: A very brief measure of the Big-Five personality domains. J. Res. Pers. 37(6), 504-28 (2003)View Article
  12.Frederick, S.: Cognitive reflection and decision making. J. Econ. Perspect. 19(4), 25-2 (2005)View Article
  13.Welsh, M., Burns, N., Delfabbro, P.: The cognitive reflection test: how much more than numerical ability? In: Proceedings of the 35th Annual Conference of the Cognitive Science Society (2013)
  14.Green, S.B.: How many subjects does it take to do a regression analysis. Multivar. Behav. Res. 26, 499-10 (1991)View Article
  15.Miles, J., Shevlin, M.: Applying Regression and Correlation: A Guide for Students and Researchers. SAGE Publications, London (2001)
  16.Cohen, J.W.: Statistical Power Analysis for the Behavioral Sciences, 2 ed. Lawrence Erlbaum Associates, New Jersey (1988)
  17.Pallant, J.: SPSS Survival Manual: A Step-by-Step Guide to Data Analysis using SPSS for Windows, 3 ed. Allen & Unwin, NSW (2007)
  18.Nunnally, J., Bernstein, I.: Psychological Theory. McGraw-Hill, New York (1994)
  19.D’Arcy, J., Greene, G.: Security culture and the employment relationship as drivers of employees-security compliance. Inf. Manage. Comput. Secur. 22(5), 474-89 (2014)
  20.Workman, M.: Gaining access with social engineering: an empirical study of the threat. Inf. Syst. Secur. 16(6), 315-31 (2007)View Article
  21.Spector, P.E.: Using self-report questionnaires in OB research: a comment on the use of a controversial method. J. Organ. Behav. 15(5), 385-92 (1994)View Article
  22.Edwards, A.L.: The relationship between the judged desirability of a trait and the probability that the trait will be endorsed. J. Appl. Psychol. 37(2), 90-3 (1953)View Article
  23.Crossler, R.E., et al.: Future directions for behavioral information security research. Comput. Secur. 32, 90-01 (2013)View Article
  
• 作者单位：Malcolm Pattinson (15)
  Marcus Butavicius (16)
  Kathryn Parsons (16)
  Agata McCormac (16)
  Dragana Calic (16)
  
  15. Adelaide Business School, The University of Adelaide, Adelaide, SA, Australia
  16. Defence Science and Technology Organisation, Edinburgh, SA, Australia
  
• 丛书名：Human Aspects of Information Security, Privacy, and Trust
• ISBN：978-3-319-20376-8
• 刊物类别：Computer Science
• 刊物主题：Artificial Intelligence and Robotics
  Computer Communication Networks
  Software Engineering
  Data Encryption
  Database Management
  Computation by Abstract Devices
  Algorithm Analysis and Problem Complexity
  
• 出版者：Springer Berlin / Heidelberg
• ISSN：1611-3349

文摘

Information Security professionals have been attempting to convince senior management for many years that humans represent a major risk to the security of an organization’s computer systems and the information that these systems process. This major threat relates to the behavior of employees whilst they are using a computer at work. This paper examines the non-malicious computer-based behavior and how it is influenced by a mixture of individual, organizational and interventional factors. The specific factors reported herein include an employee’s age; education level; ability to control impulsivity; familiarity with computers; and personality. This research utilized the Qualtrics online web-based survey software to develop and distribute a questionnaire that resulted in 500 valid responses. The major conclusions of this research are that an employee’s accidental-naive behavior is likely to be less risky if they are more conscientious; older; more agreeable; less impulsive; more open; and, surprisingly, less familiar with computers.