4,448 research outputs found

    The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies

    Get PDF
    While there is a rich body of literature on user acceptance of technologies with positive outcomes, little is known about user behavior toward what we call protective technologies: information technologies that protect data and systems from disturbances such as viruses, unauthorized access, disruptions, spyware, and others. In this paper, we present the results of a study of user behavioral intention toward protective technologies based on the framework of the theory of planned behavior. We find that awareness of the threats posed by negative technologies is a strong predictor of user behavioral intention toward the use of protective technologies. More interestingly, in the presence of awareness, the influence of subjective norm on individual behavioral intention is weaker among basic technology users but stronger among advanced technology users. Furthermore, while our results are consistent with many of the previously established relationships in the context of positive technologies, we find that the determinants ¥°perceived ease of use¥± and ¥°computer self-efficacy¥± are no longer significant in the context of protective technologies. We believe that this result highlights the most significant difference between positive technologies and protective technologies: while the former are used for their designed utilities, for which usefulness and ease of use have a significant impact, the latter are used out of fear of negative consequences, for which awareness becomes a key determinant. We discussed the theoretical and practical implications of these findings. The findings of this study extend the theory of planned behavior to the context of protective technologies and shed insights on designing effective information security policies, practices, and protective technologies for organizations and society

    A Common Description and Measures for Perceived Behavioral Control in Information Security for Organizations.

    Get PDF
    Understanding employee’s security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior based on Attitude, subjective norm, and perceived behavioral control (PBC) constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on PBC and finds the most common measures for PBC, which can be used in organizations to develop a method to influence employees perceived behavioral control positively with the goal of inducing positive security behavior. Further, a conceptua

    Information Security Policy Compliance: A User Acceptance Perspective

    Get PDF
    Compliance with information security policies (ISPs) is a key factor in reducing an organization’s information security risks. As such, understanding employees’ compliance behavior with ISPs is an important first step to leverage knowledge worker assets in efforts targeted toward reducing information security risks. This study adapts the Technology Acceptance Model (TAM) to examine users’ behavioral intention to comply with ISPs. The impact of information security awareness on behavioral intentions to comply is also considered in the research model. This is a research in progress, and an instrument is being developed to conduct a survey study to gather data from employees in the banking sector in Jordan

    Post Data Breach Use of Protective Technologies: An Examination of Users’ Dilemma

    Get PDF
    This preliminary research addresses the technology use uncertainties that arise when users are presented with protective technologies following a data breach or privacy violation announcement. Prior studies have provided understanding of determinants of technology use through several perspectives. The study complements prior research by arguing that, beyond individual dispositions or technology features, data breach announcements bring users’ focus on the actions of the breaching organization. Fair process and information practices provide avenue for organizations to alleviate users’ concerns and increase service usage. We draw on organizational justice theory to develop a model that explicates the effect of organizational fairness process and use of technologies. We test this model using data from 200 Facebook users recruited from Amazon MTurk. We found that procedural and informational justice have differential effect on users’ desire to use protective technologies. Our findings have both theoretical and practical implications

    Linking Threat Avoidance and Security Adoption: A Theoretical Model For SMEs

    Get PDF
    A deficiency exists in the Information Systems Security literature because of the tendency to regard IT threat avoidance and IT security adoption as separate behaviours. In addressing the deficiency this research in progress focuses on SMEs, for several reasons including their strategic importance globally, the current trend among cybercriminals to conduct more high volume, low risk attacks against weaker targets and also because of the individualistic behavioural patterns in SMEs. Drawing on several well-established behavioural theories, this paper synthesises elements of these theories into a holistic model, with coping theory placed firmly at is centre. This study will make several contributions to the field, initially creating an empirically validated model for behaviours surrounding both avoidance and preventative actions in small firms and also in presenting and prioritising a specific view of the external factors influencing how threats are appraised, assessed and dealt with

    Information Security Policy Compliance: The Role of Information Security Awareness

    Get PDF
    Compliance and systems misuse has been the focus of researchers in the last couple of years. However, given that voids in this area is still significant and systems abuse is a pressing issue likely to persist in the future, more investigation is needed in this area. Toward this end, we conducted a research study to help understand factors motivating compliance behavior intentions. Drawing on Theory of Planned Behavior, we investigated the role of users’ self-learning and knowledge of security issues in shaping their attitudes toward compliance with information security policies (ISPs). We collected data from nine financial organizations to test the proposed research model. Results show that employees’ previous knowledge of security issues and technologies have significant positive impact on their attitudes toward compliance with ISPs. This study sheds light on the importance of users’ general awareness of security issues and technologies in shaping their attitudes to comply with ISPs

    Identifying Multiple Categories of Cybersecurity Skills that Affect User Acceptance of Protective Information Technologies.

    Get PDF
    Cybersecurity threat is one of the major national security challenges confronting the United States, making it imperative to achieve safe user security behavior on information systems. Safe user security behavior hinges on the attitude of a computer user to accept the usage of Protective information technologies (PIT), including security software. Past studies focused on user acceptance of PIT with antecedents such as usefulness, capabilities, and self-efficacy but rarely addressed specific cybersecurity skills needed to improve the user attitude and acceptance of security software use. The purpose of this study is to examine what category of cybersecurity skills can improve the user acceptance of PIT. We propose a theoretical model that examines the effect of cybersecurity computing skills, cybersecurity initiative skills and cybersecurity action skills on user attitude and acceptance of PIT. This research addresses the national cybersecurity threat and has both theoretical and practical implications

    Information Security Awareness: Literature Review and Integrative Framework

    Get PDF
    Individuals’ information security awareness (ISA) plays a critical role in determining their security-related behavior in both organizational and private contexts. Understanding this relationship has important implications for individuals and organizations alike who continuously struggle to protect their information security. Despite much research on ISA, there is a lack of an overarching picture of the concept of ISA and its relationship with other constructs. By reviewing 40 studies, this study synthesizes the relationship between ISA and its antecedents and consequences. In particular, we (1) examine definitions of ISA; (2) categorize antecedents of ISA according to their level of origin; and (3) identify consequences of ISA in terms of changes in beliefs, attitudes, intentions, and actual security-related behaviors. A framework illustrating the relationships between the constructs is provided and areas for future research are identified

    Cultural Influence and the Effective Use of Security Awareness in Congolese Organizations

    Get PDF
    In today’s global economy, the need to reuse technological advancements as well as training and awareness materials for information security programs from western countries in developing nations is growing. To understand the underlying drivers of employees effective use behaviors as it relates to security awareness programs in organizations; this study examined the extrinsic and intrinsic motivation factors that influence employees’ effective use of security awareness programs in organizations located in developing nations. The results showed that influencing employees’ attitudes toward security is a better predictor of employees’ effective use of security awareness programs than compliance intention. Cultural has also shown to have an influence over employee’s effective use of security awareness program

    Cultural Influence and the Effective Use of Security Awareness in Congolese Organizations

    Get PDF
    In today’s global economy, there is a growing need to apply technological advancements as well as training and awareness materials from western countries on information security programs in developing nations. To understand the underlying drivers of employees’ effective use behaviors in relation to security awareness programs in organizations, this study examines the extrinsic and intrinsic motivation factors that influence employees located in developing nations. The results indicate that influencing employees’ attitudes toward security is a better predictor of employees’ effective use of security awareness programs than their intention to comply. Cultural effects has also proven to have an influence on employees’ effective use of security awareness programs
    • 

    corecore