Having Two Conflicting Goals in Mind: The Tension Between IS Security and Privacy when Avoiding Threats

Despite users of personal IT devices perceive high risks of losing their personal data if their devices get lost or damaged, many are reluctant to use user-friendly online services (i.e., online backups) to recover from such incidents. We suggest that the reason for this denial are information privacy concerns because users need to disclose their personal files to the safeguard provider. As safeguarding services promise to reduce the IS security threat of losing data, individuals are subsequently tensed between two goals: protecting their data against loss (IS security) and their information privacy. To shed light on this goal conflict, our work builds on the theory of goal-directed behavior. Based on a quantitative online survey among 446 participants, we show that privacy concerns impede threat avoidance to prevent data loss. Comparing current users and non-users of online backup services, our results confirm that provider-related privacy concerns are significantly higher for non-users

Empirical Assessment of Mobile Device Users’ Information Security Behavior towards Data Breach: Leveraging Protection Motivation Theory

User information security behavior has been an area of growing demand in information systems (IS) research. Unfortunately, most of the previous research done in user information security behavior have been in broad contexts, therefore creating a gap in the literature of similar research that focuses on specific emerging technologies and trends. With the growing reliance on mobile devices to increase the flexibility, speed and efficiency in how we work, communicate, shop, seek information and entertain ourselves, it is obvious that these devices have become data warehouses and platform for data in transit. This study was an empirical and quantitative study that gathered data leveraging a web-survey. Prior to conducting the survey for the main data collection, a Delphi study and pilot study were conducted. Convenience sampling was the category of nonprobability sampling design used to gather data. The 7-Point Likert Scale was used on all survey items. Pre-analysis data screening was conducted prior to data analysis. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 390 responses received. The results of this study showed that perceived threat severity has a negative effect on protection motivation, while perceived threat susceptibility has a positive effect on protection motivation. Contrarily, the results from this study did not show that perceived response cost influences protection motivation. Response efficacy and mobile self-efficacy had a significant positive influence on protection motivation. Mobile device security usage showed to be significantly influenced positively by protection motivation. This study brings additional insight and theoretical implications to the existing literature. The findings reveal the PMT’s capacity to predict user behavior based on threat and coping appraisals within the context of mobile device security usage. Additionally, the extension of the PMT for the research model of this study implies that mobile devices users also can take recommended responses to protect their devices from security threats

The Influence of Cognitive Factors and Personality Traits on Mobile Device User\u27s Information Security Behavior

As individuals have become more dependent on mobile devices to communicate, to seek information, and to conduct business, their susceptibility to various threats to information security has also increased. Research has consistently shown that a user’s intention is a significant antecedent of information security behavior. Although research on user’s intention has expanded in the last few years, not enough is known about how cognitive factors and personality traits impact the adoption and use of mobile device security technologies. The purpose of this research was to empirically investigate the influence of cognitive factors and personality traits on mobile device user’s intention in regard to mobile device security technologies. A conceptual model was developed by combining constructs from both the Protection Motivation Theory (PMT) and the Big Five Factor Personality Traits. The data was collected using a web-based survey according to specific inclusion and exclusion criteria. Respondents were limited to adults 18 years or older who have been using their mobile devices to access the internet for at least one year. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 356 responses received. The findings of this study show that perceived threat severity, perceived threat susceptibility, perceived response costs, response efficacy, and mobile self-efficacy have a significant positive effect on user’s intention. In particular, mobile self-efficacy had the strongest effect on the intention to use mobile device security technologies. Most of the personality traits factors were not found significant, except for conscientiousness. The user’s intention to use mobile device security technologies was found to have a significant effect on the actual usage of mobile device security technologies. Hence, the results support the suitability of the PMT and personality factors in the mobile device security technologies context. This study has contributed to information security research by providing empirical results on factors that influence the use of mobile device security technologies

An Empirical Examination of the Computer Security Behaviors of Telecommuters Working with Confidential Data through Leveraging the Factors from Fear Appeals Model (FAM)

Computer users’ security compliance behaviors can be better understood by devising an experimental study to examine how fear appeals might impact users’ security behavior. Telecommuter security behavior has become very relevant in information systems (IS) research with the growing number of individuals working from home. The increasing dependence on telecommuting to enhance the viability and convenience has created an urgency with the advent of the COVID-19 pandemic to examine the behavior of users working at home across a corporate network. The home networks are usually not as secure as those in corporate settings. There is seldom a firewall setting and lack of an up-to-date antivirus can make home computers more susceptible to attacks – especially when a user clicks on an attachment or malware. The goal of this study was to investigate how the home computer user’s behavior can be modified, especially among telecommuters who work with sensitive data. The data collected using a web-based survey. A Likert scale was used on all survey items with a pre-analysis of the data preceding the data assessment. The Partial Least Square (PLS) was used to report the analysis of the data gathered from a total of 376 response. The study outcomes demonstrated that response efficacy, self-efficacy, and social influence positively influenced protection motivation. The perceived threat severity positively affected both response efficacy and self-efficacy, while the perceived threat susceptibility did not affect both response efficacy and self-efficacy. The Fear Appeals Model (FAM) extension with computer security usage showed the positive significance of protection motivation on computer security usage. This study adds to the awareness and theoretical suggestions to the current literature. The results disclose the FAM capability to envisage user behavior established on threat and coping appraisals from home computer security usage. Furthermore, the study\u27s FAM extension implies that telecommuters can take recommended responses to protect their computers from security threats. The outcome will help managers communicate effectively with their telecommuting employees to modify their security behavior and safeguard their data

Security awareness of computer users: A game based learning approach

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The research reported in this thesis focuses on developing a framework for game design to protect computer users against phishing attacks. A comprehensive literature review was conducted to understand the research domain, support the proposed research work and identify the research gap to fulfil the contribution to knowledge. Two studies and one theoretical design were carried out to achieve the aim of this research reported in this thesis. A quantitative approach was used in the first study while engaging both quantitative and qualitative approaches in the second study. The first study reported in this thesis was focused to investigate the key elements that should be addressed in the game design framework to avoid phishing attacks. The proposed game design framework was aimed to enhance the user avoidance behaviour through motivation to thwart phishing attack. The results of this study revealed that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived severity and perceived susceptibility elements should be incorporated into the game design framework for computer users to avoid phishing attacks through their motivation. The theoretical design approach was focused on designing a mobile game to educate computer users against phishing attacks. The elements of the framework were addressed in the mobile game design context. The main objective of the proposed mobile game design was to teach users how to identify phishing website addresses (URLs), which is one of many ways of identifying a phishing attack. The mobile game prototype was developed using MIT App inventor emulator. In the second study, the formulated game design framework was evaluated through the deployed mobile game prototype on a HTC One X touch screen smart phone. Then a discussion is reported in this thesis investigating the effectiveness of the developed mobile game prototype compared to traditional online learning to thwart phishing threats. Finally, the research reported in this thesis found that the mobile game is somewhat effective in enhancing the user’s phishing awareness. It also revealed that the participants who played the mobile game were better able to identify fraudulent websites compared to the participants who read the website without any training. Therefore, the research reported in this thesis determined that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived threat and perceived susceptibility elements have a significant impact on avoidance behaviour through motivation to thwart phishing attacks as addressed in the game design framework