Studying Users’ Computer Security Behavior Using the Health Belief Model

The increasing frequency of security incidents is a major concern to organizations, and it is therefore important for organizations to protect themselves against security threats. Technological controls are important but not adequate, as the success of security also depends on the effective security behavior of individuals. Information security awareness programs are an important approach but such programs have to be effective in influencing user’s behavior. It is thus important to investigate the factors that will influence a user to practice computer security in the context of an organization. With such motivation in mind, this study uses the Health Belief Model, a well-established model from preventive healthcare, to study users’ computer security behavior. An instrument was developed based on health and security literature and conceptually validated. Data was collected from 134 employees of different organizations and analyzed using multiple regression analysis. Results show that perceived susceptibility, perceived benefits and self-efficacy are determinants of a user’s computer security behavior when applied to exercising care with email attachments. Theoretical and practical implications of this study are discussed

Gender Difference and Employees\u27 Cybersecurity Behaviors

Security breaches are prevalent in organizations and many of the breaches are attributed to human errors. As a result, the organizations need to increase their employees\u27 security awareness and their capabilities to engage in safe cybersecurity behaviors. Many different psychological and social factors affect employees\u27 cybersecurity behaviors. An important research question to explore is to what extent gender plays a role in mediating the factors that affect cybersecurity beliefs and behaviors of employees. In this vein, we conducted a cross-sectional survey study among employees of diverse organizations. We used structural equation modelling to assess the effect of gender as a moderator variable in the relations between psychosocial factors and self-reported cybersecurity behaviors. Our results show that gender has some effect in security self-efficacy (r=-0.435,

Cyber Hygiene Practices from The Lens of Professional Youth in Malaysia

Researchers have recognized cyber hygiene as an essential factor in reducing cybersecurity breaches. Factors affecting cyber hygiene practices are cyber hygiene knowledge and demographic factors. Inconclusive research has been found to be concerned with the extent of expertise and demographic factors that may affect cyber hygiene practices. This current pilot study aims to diagnose the effect of knowledge and demographic factors on cyber hygiene practices among professional youth in Malaysia. Forty-one usable questionnaires were further analyzed. The result showed no significant differences between demographic factors and cyber hygiene practices; and no significant relationship between knowledge and cyber hygiene practices among professional youth in Malaysia

Willingness to Pay Towards Healthier Bakery Product: Application of Health Belief Model

Abstract. Food consumption patterns are rapidly changing nowadays as a result of environmental issues, nutritional value concern of food, and health issues. As the interest of healthy lifestyle in Indonesia is on the rising, it is still unknown the specific customer reference in a particular food. The researcher put interest in the further investigation about a healthier alternative on bakery foods. This research aimed to assess the willingness to pay towards healthier bakery product using Health Belief Model as the research framework. The research was using eight main construct of Health Belief Model, which is Perceived Barriers(PB), Perceived Susceptibility(PS), Perceived Severity(PSE), Perceived Benefit(PBE), Self Efficacy(SE), Cues to Action(CA), General Health Orientation(GHO), Willingness to Use (WTU) and also Willingness to Pay(WTP) as the extension as the model to construct an 45-item questionnaire to assess respondent’s willingness to pay towards healthier bakery product in Bandung in particular. Using non-probability sampling method, the questionnaire was spread to 150 respondents in Bandung with age 18-34. After the responses screened and proved valid and reliable, it was analyzed using Path Analysis to investigate the relationship between variable. The results of this research reveal that the there are three variables which is Perceived Severity, Perceived Benefit and General Health Orientation that make significant relation to Willingness to Use as well as Willingness to Use also make significant relation to Willingness to Pay. Not all of the hypotheses in this research are supported by the result. However, the result related to the previous study by Masoud et al. (2014). The implications of this research from both practical and theoretical aspect are discussed for the entrepreneurial suggestion as well as for future research.  Keywords: Willingness to Pay, Health Belief Model, HealthÂ

Processing Information Security Messages: An Elaboration Likelihood Perspective

The increasing number of security incidents is causing great concern to organizations. Information security awareness programs are an important approach towards educating users to prevent such incidents. However, it is unclear how to effectively design security programs and messages such that they can inform and change user behaviour. The role of individual factors in influencing the processing of security messages is also unclear. This paper attempts to investigate these problems by studying the effects of security message characteristics and recipient factors on users’ attitude towards security, using the information-processing theory of elaboration likelihood. Two models are developed for this study. The first model studies two message characteristics, argument quantity and quality, as determinants of attitude towards security. A 2x2 factorial design experiment will be conducted to investigate the influence of these characteristics on attitude moderated by the elaboration likelihood towards the security message. The second model tests the effect of four recipient factors on elaboration likelihood. The model development, experimental methodology, and data analysis details are described in this research-in-progress paper. The results are expected to inform the design of effective security messages and contribute to research in this area

Information Security Policy Compliance: An Empirical Study of Ethical Ideology

Information security policy compliance (ISP) is one of the key concerns that face organizations today. Although technical and procedural measures help improve information security, there is an increased need to accommodate human, social and organizational factors. Despite the plethora of studies that attempt to identify the factors that motivate compliance behavior or discourage abuse and misuse behaviors, there is a lack of studies that investigate the role of ethical ideology per se in explaining compliance behavior. The purpose of this research is to investigate the role of ethics in explaining Information Security Policy (ISP) compliance. In that regard, a model that integrates behavioral and ethical theoretical perspectives is developed and tested. Overall, analyses indicate strong support for the validation of the proposed theoretical model

Preventive Adoption of Information Security Behaviors

Many tools and safe computing practices are available to information system users to help them avoid the negative outcomes due to information security threats. Yet many users do not use these tools and practices. We seek to understand the factors influencing organizational users’ adoption of preventive information security behaviors. These behaviors are similar to those which individuals practice to prevent negative health outcomes. A new model incorporating the primary antecedents of users’ intentions related to preventive security, the Preventive Adoption Model (PAM), is presented and tested. PAM is derived from health behavior theories (health belief model, protection motivation theory, and theory of planned behavior) and integrates key constructs specific to the information security context. Results of the study suggest that users’ beliefs regarding the threats and their avoidability, the proposed preventive actions, and their individual capabilities have an impact on their intentions to perform the prescribed behaviors

The Effects of Antecedents and Mediating Factors on Cybersecurity Protection Behavior

This paper identifies opportunities for potential theoretical and practical improvements in employees\u27 awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees\u27 cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their cybersecurity protection behavior about security threats and coping actions. Secondly, the result of the study indicates that security coping factors are reliable predictors in projecting individual intention to take protective measures. Third, organizational effort in combatting cyber threats and increasing employee awareness is significantly associated with the use of cyber threat coping processes. Additionally, several practical prescriptions are suggested based on gender, generations, and types of organizations. For example, government organizations have taken well-designed cybersecurity measures and developed detailed protocols to enhance employees’ motivational behavior. Finally, future cybersecurity training materials should adapt to the unique traits of different generations, especially the Gen Edge group and digital natives for all cybersecurity subjects

Factors that Affect the Success of Security Education, Training, and Awareness Programs: A Literature Review

Preventing IT security incidents poses a great challenge for organizations. Today, senior managers allocate more resources to IT security programs (especially those programs that focus on educating and training employees) in order to reduce human misbehavior—a significant cause of IT security incidents. Building on the results of a literature review, we identify factors that affect the success of security education, training, and awareness (SETA) programs and organize them in a conceptual classification. The classification contains human influencing factors derived from different behavioral, decision making, and criminology theories that lead to IT security compliance and noncompliance. The classification comprehensively summarizes these factors and shows the correlations between them. The classification can help one to design and develop SETA programs and to establish suitable conditions for integrating them into organizations