4,448 research outputs found
The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies
While there is a rich body of literature on user acceptance of technologies with positive outcomes, little is known about user behavior toward what we call protective technologies: information technologies that protect data and systems from disturbances such as viruses, unauthorized access, disruptions, spyware, and others. In this paper, we present the results of a study of user behavioral intention toward protective technologies based on the framework of the theory of planned behavior. We find that awareness of the threats posed by negative technologies is a strong predictor of user behavioral intention toward the use of protective technologies. More interestingly, in the presence of awareness, the influence of subjective norm on individual behavioral intention is weaker among basic technology users but stronger among advanced technology users. Furthermore, while our results are consistent with many of the previously established relationships in the context of positive technologies, we find that the determinants ¥°perceived ease of use¥± and ¥°computer self-efficacy¥± are no longer significant in the context of protective technologies. We believe that this result highlights the most significant difference between positive technologies and protective technologies: while the former are used for their designed utilities, for which usefulness and ease of use have a significant impact, the latter are used out of fear of negative consequences, for which awareness becomes a key determinant. We discussed the theoretical and practical implications of these findings. The findings of this study extend the theory of planned behavior to the context of protective technologies and shed insights on designing effective information security policies, practices, and protective technologies for organizations and society
A Common Description and Measures for Perceived Behavioral Control in Information Security for Organizations.
Understanding employeeâs security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior based on Attitude, subjective norm, and perceived behavioral control (PBC) constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on PBC and finds the most common measures for PBC, which can be used in organizations to develop a method to influence employees perceived behavioral control positively with the goal of inducing positive security behavior. Further, a conceptua
Information Security Policy Compliance: A User Acceptance Perspective
Compliance with information security policies (ISPs) is a key factor in reducing an organizationâs information security risks. As such, understanding employeesâ compliance behavior with ISPs is an important first step to leverage knowledge worker assets in efforts targeted toward reducing information security risks. This study adapts the Technology Acceptance Model (TAM) to examine usersâ behavioral intention to comply with ISPs. The impact of information security awareness on behavioral intentions to comply is also considered in the research model. This is a research in progress, and an instrument is being developed to conduct a survey study to gather data from employees in the banking sector in Jordan
Post Data Breach Use of Protective Technologies: An Examination of Usersâ Dilemma
This preliminary research addresses the technology use uncertainties that arise when users are presented with protective technologies following a data breach or privacy violation announcement. Prior studies have provided understanding of determinants of technology use through several perspectives. The study complements prior research by arguing that, beyond individual dispositions or technology features, data breach announcements bring usersâ focus on the actions of the breaching organization. Fair process and information practices provide avenue for organizations to alleviate usersâ concerns and increase service usage. We draw on organizational justice theory to develop a model that explicates the effect of organizational fairness process and use of technologies. We test this model using data from 200 Facebook users recruited from Amazon MTurk. We found that procedural and informational justice have differential effect on usersâ desire to use protective technologies. Our findings have both theoretical and practical implications
Linking Threat Avoidance and Security Adoption: A Theoretical Model For SMEs
A deficiency exists in the Information Systems Security literature because of the tendency to regard IT threat avoidance and IT security adoption as separate behaviours. In addressing the deficiency this research in progress focuses on SMEs, for several reasons including their strategic importance globally, the current trend among cybercriminals to conduct more high volume, low risk attacks against weaker targets and also because of the individualistic behavioural patterns in SMEs. Drawing on several well-established behavioural theories, this paper synthesises elements of these theories into a holistic model, with coping theory placed firmly at is centre. This study will make several contributions to the field, initially creating an empirically validated model for behaviours surrounding both avoidance and preventative actions in small firms and also in presenting and prioritising a specific view of the external factors influencing how threats are appraised, assessed and dealt with
Information Security Policy Compliance: The Role of Information Security Awareness
Compliance and systems misuse has been the focus of researchers in the last couple of years. However, given that voids in this area is still significant and systems abuse is a pressing issue likely to persist in the future, more investigation is needed in this area. Toward this end, we conducted a research study to help understand factors motivating compliance behavior intentions. Drawing on Theory of Planned Behavior, we investigated the role of usersâ self-learning and knowledge of security issues in shaping their attitudes toward compliance with information security policies (ISPs). We collected data from nine financial organizations to test the proposed research model. Results show that employeesâ previous knowledge of security issues and technologies have significant positive impact on their attitudes toward compliance with ISPs. This study sheds light on the importance of usersâ general awareness of security issues and technologies in shaping their attitudes to comply with ISPs
Identifying Multiple Categories of Cybersecurity Skills that Affect User Acceptance of Protective Information Technologies.
Cybersecurity threat is one of the major national security challenges confronting the United States, making it imperative to achieve safe user security behavior on information systems. Safe user security behavior hinges on the attitude of a computer user to accept the usage of Protective information technologies (PIT), including security software. Past studies focused on user acceptance of PIT with antecedents such as usefulness, capabilities, and self-efficacy but rarely addressed specific cybersecurity skills needed to improve the user attitude and acceptance of security software use. The purpose of this study is to examine what category of cybersecurity skills can improve the user acceptance of PIT. We propose a theoretical model that examines the effect of cybersecurity computing skills, cybersecurity initiative skills and cybersecurity action skills on user attitude and acceptance of PIT. This research addresses the national cybersecurity threat and has both theoretical and practical implications
Information Security Awareness: Literature Review and Integrative Framework
Individualsâ information security awareness (ISA) plays a critical role in determining their security-related behavior in both organizational and private contexts. Understanding this relationship has important implications for individuals and organizations alike who continuously struggle to protect their information security. Despite much research on ISA, there is a lack of an overarching picture of the concept of ISA and its relationship with other constructs. By reviewing 40 studies, this study synthesizes the relationship between ISA and its antecedents and consequences. In particular, we (1) examine definitions of ISA; (2) categorize antecedents of ISA according to their level of origin; and (3) identify consequences of ISA in terms of changes in beliefs, attitudes, intentions, and actual security-related behaviors. A framework illustrating the relationships between the constructs is provided and areas for future research are identified
Cultural Influence and the Effective Use of Security Awareness in Congolese Organizations
In todayâs global economy, the need to reuse technological advancements as well as training and awareness materials for information security programs from western countries in developing nations is growing. To understand the underlying drivers of employees effective use behaviors as it relates to security awareness programs in organizations; this study examined the extrinsic and intrinsic motivation factors that influence employeesâ effective use of security awareness programs in organizations located in developing nations. The results showed that influencing employeesâ attitudes toward security is a better predictor of employeesâ effective use of security awareness programs than compliance intention. Cultural has also shown to have an influence over employeeâs effective use of security awareness program
Cultural Influence and the Effective Use of Security Awareness in Congolese Organizations
In todayâs global economy, there is a growing need to apply technological advancements as well as training and awareness materials from western countries on information security programs in developing nations. To understand the underlying drivers of employeesâ effective use behaviors in relation to security awareness programs in organizations, this study examines the extrinsic and intrinsic motivation factors that influence employees located in developing nations. The results indicate that influencing employeesâ attitudes toward security is a better predictor of employeesâ effective use of security awareness programs than their intention to comply. Cultural effects has also proven to have an influence on employeesâ effective use of security awareness programs
- âŠ