An Empirical Study of Home User Intentions towards Computer Security

Home computer users are solely responsible for implementing security measures on their devices. Although most computers have security software installed, the potential remains for security breaches, which makes it important for home users to take additional steps, such as not sharing one’s password and using strong passwords, to secure their devices further. Drawing on protection motivation theory and findings from prior research, this study evaluates factors that influence individuals to implement additional security measures to protect their home computers. Using SmartPLS and responses from 72 home computer users, the results show that response efficacy, self-efficacy and subjective norms were significant in encouraging persons to implement additional security measures. Maladaptive rewards on the other hand acted as a significant detractor, while neither perceived vulnerability nor perceived severity was significant in relation to willingness to implement additional security measures

College Student Home Computer Security Adoption

The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical infrastructures of entire countries. Recent research has determined that some individuals are not utilizing additional software protections available to mitigate these potential security risks. This paper seeks to clarify the reasons by proposing a conceptual framework that utilizes the Health Belief Model as a possible way to explain why some people do not perceive a threat sufficient to prompt the adoption of computer security software

The Effects of Antecedents and Mediating Factors on Cybersecurity Protection Behavior

This paper identifies opportunities for potential theoretical and practical improvements in employees\u27 awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees\u27 cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their cybersecurity protection behavior about security threats and coping actions. Secondly, the result of the study indicates that security coping factors are reliable predictors in projecting individual intention to take protective measures. Third, organizational effort in combatting cyber threats and increasing employee awareness is significantly associated with the use of cyber threat coping processes. Additionally, several practical prescriptions are suggested based on gender, generations, and types of organizations. For example, government organizations have taken well-designed cybersecurity measures and developed detailed protocols to enhance employees’ motivational behavior. Finally, future cybersecurity training materials should adapt to the unique traits of different generations, especially the Gen Edge group and digital natives for all cybersecurity subjects

An Empirical Examination of the Computer Security Behaviors of Telecommuters Working with Confidential Data through Leveraging the Factors from Fear Appeals Model (FAM)

Computer users’ security compliance behaviors can be better understood by devising an experimental study to examine how fear appeals might impact users’ security behavior. Telecommuter security behavior has become very relevant in information systems (IS) research with the growing number of individuals working from home. The increasing dependence on telecommuting to enhance the viability and convenience has created an urgency with the advent of the COVID-19 pandemic to examine the behavior of users working at home across a corporate network. The home networks are usually not as secure as those in corporate settings. There is seldom a firewall setting and lack of an up-to-date antivirus can make home computers more susceptible to attacks – especially when a user clicks on an attachment or malware. The goal of this study was to investigate how the home computer user’s behavior can be modified, especially among telecommuters who work with sensitive data. The data collected using a web-based survey. A Likert scale was used on all survey items with a pre-analysis of the data preceding the data assessment. The Partial Least Square (PLS) was used to report the analysis of the data gathered from a total of 376 response. The study outcomes demonstrated that response efficacy, self-efficacy, and social influence positively influenced protection motivation. The perceived threat severity positively affected both response efficacy and self-efficacy, while the perceived threat susceptibility did not affect both response efficacy and self-efficacy. The Fear Appeals Model (FAM) extension with computer security usage showed the positive significance of protection motivation on computer security usage. This study adds to the awareness and theoretical suggestions to the current literature. The results disclose the FAM capability to envisage user behavior established on threat and coping appraisals from home computer security usage. Furthermore, the study\u27s FAM extension implies that telecommuters can take recommended responses to protect their computers from security threats. The outcome will help managers communicate effectively with their telecommuting employees to modify their security behavior and safeguard their data

Analyzing The Adoption of Computer Security Utilizing The Health Belief Model

The home Internet user faces a hostile environment abundant in potential attacks on their computers. These attacks have been increasing at an alarming rate and cause damage to individuals and organizations regularly, and have the potential to cripple the critical infrastructures of entire countries. Recent research has determined that some individuals are not utilizing additional software protections available to mitigate these potential security risks. This paper seeks to further examine the reasons by proposing a conceptual framework that utilizes the Health Belief Model as a possible way to explain why some people do not perceive a threat sufficient to prompt the adoption of computer security software

Responding to cybercrime: Results of a comparison between community members and police personnel

Advancements in information technology are sources of both opportunity and vulnerability for citizens. Previous research indicates that there are significant challenges for police in investigating cybercrime, that community expectations about police responses are based largely on media representations, and that victims experience high levels of frustration and stigmatisation. This paper examines the views of the Australian community and law enforcement officers about the policing of cybercrime. Results suggest that police personnel are more likely to view cybercrime as serious, and community members are more likely to ascribe blame to victims. Results also indicate a discrepancy between police and community members in their views of the efficacy of police responses. These discrepancies contribute to public dissatisfaction. Therefore, the paper covers some general strategies for short-and long-term cybercrime prevention

Information Security Awareness: Literature Review and Integrative Framework

Individuals’ information security awareness (ISA) plays a critical role in determining their security-related behavior in both organizational and private contexts. Understanding this relationship has important implications for individuals and organizations alike who continuously struggle to protect their information security. Despite much research on ISA, there is a lack of an overarching picture of the concept of ISA and its relationship with other constructs. By reviewing 40 studies, this study synthesizes the relationship between ISA and its antecedents and consequences. In particular, we (1) examine definitions of ISA; (2) categorize antecedents of ISA according to their level of origin; and (3) identify consequences of ISA in terms of changes in beliefs, attitudes, intentions, and actual security-related behaviors. A framework illustrating the relationships between the constructs is provided and areas for future research are identified

Risk homeostasis in information security:challenges in confirming existence and verifying impact

The central premise behind risk homeostasis theory is that humans adapt their behaviors, based on external factors, to align with a personal risk tolerance level. In essence, this means that the safer or more secure they feel, the more likely it is that they will behave in a risky manner. If this effect exists, it serves to restrict the ability of risk mitigation techniques to effect improvements.The concept is hotly debated in the safety area. Some authors agree that the effect exists, but also point out that it is poorly understood and unreliably predicted. Other re-searchers consider the entire concept fallacious. It is important to gain clarity about whether the effect exists, and to gauge its impact if such evidence can indeed be found.In this paper we consider risk homeostasis in the context of information security. Similar to the safety area, information security could well be impaired if a risk homeostasis effect neutralizes the potential benefits of risk mitigation measures. If the risk homeostasis effect does indeed exist and does impact risk-related behaviors, people will simply elevate risky behaviors in response to feeling less vulnerable due to following security procedures and using protective technologies.Here we discuss, in particular, the challenges we face in confirming the existence and impact of the risk homeostasis effect in information security, especially in an era of ethical research practice

The Mediating Role of Awareness in Bridging the Expectancy-Capability Gap in Mobile Identity Protection

AlHelaly, Y., Dhillon, G., & Oliveira, T. (2023). When Expectation Fails and Motivation Prevails: The Mediating Role of Awareness in Bridging the Expectancy-Capability Gap in Mobile Identity Protection. Computers & Security, 134(November), 1-20. [103470]. https://doi.org/10.1016/j.cose.2023.103470Identity theft poses a significant threat to mobile users, yet mobile identity protection is often overlooked in cybersecurity literature. Despite various technical solutions proposed, little attention has been given to the motivational aspects of protection. Moreover, the disparity between individuals' expectations and their ability to safeguard their mobile identities exacerbates the problem. This study adopts a mixed-methods approach and draws on expectancy-value theory to address these gaps and explore the impact of expectations, capabilities, motivational values, technical measures, and awareness on individuals' intentions to achieve mobile identity protection. Our research reveals that protection awareness acts as a crucial mediator between individuals' expectations and capabilities. Additionally, motivational values not only enhance technical protection measures but also significantly influence identity protection intentions. Furthermore, we identify the moderating effect of protection experience on individuals' expectations and perceived value of identity protection. This study contributes to mobile security literature by highlighting the pivotal role of protection awareness in bridging the divide between individual expectations and actual capabilities in mobile identity protection.publishersversionpublishe

A descriptive review and classification of organizational information security awareness research

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding