Individual Differences in Cyber Security

A survey of IT professionals suggested that despite technological advancement and organizational procedures to prevent cyber-attacks, users are still the weakest link in cyber security (Crossler, 2013). This suggests it is important to discover what individual differences may cause a user to be more or less vulnerable to cyber security threats. Cyber security knowledge has been shown to lead to increased learning and proactive cyber security behavior (CSB). Self-efficacy has been shown to be a strong predictor of a user’s intended behavior. Traits such as neuroticism have been shown to negatively influence cyber security knowledge and self-efficacy, which may hinder CSB. In discovering what individual traits may predict CSB, users and designers may be able to implement solutions to improve CSB. In this study, 183 undergraduate students at San José State University completed an online survey. Students completed surveys of self-efficacy in information security, and cyber security behavioral intention, as well as a personality inventory and a semantic cyber security knowledge quiz. Correlational analyses were conducted to test hypotheses related to individual traits expected to predict CSB. Results included a negative relationship between neuroticism and self-efficacy and a positive relationship between self-efficacy and CSB. Overall, the results support the conclusion that individual differences can predict self-efficacy and intention to engage in CSB. Future research is needed to investigate whether CSB is influenced by traits such as neuroticism, if CSB can be improved through video games, and which are the causal directions of these effects

Characterizing Hospital Workers' Willingness to Respond to a Radiological Event

Terrorist use of a radiological dispersal device (RDD, or "dirty bomb"), which combines a conventional explosive device with radiological materials, is among the National Planning Scenarios of the United States government. Understanding employee willingness to respond is critical for planning experts. Previous research has demonstrated that perception of threat and efficacy is key in the assessing willingness to respond to a RDD event.An anonymous online survey was used to evaluate the willingness of hospital employees to respond to a RDD event. Agreement with a series of belief statements was assessed, following a methodology validated in previous work. The survey was available online to all 18,612 employees of the Johns Hopkins Hospital from January to March 2009.Surveys were completed by 3426 employees (18.4%), whose demographic distribution was similar to overall hospital staff. 39% of hospital workers were not willing to respond to a RDD scenario if asked but not required to do so. Only 11% more were willing if required. Workers who were hesitant to agree to work additional hours when required were 20 times less likely to report during a RDD emergency. Respondents who perceived their peers as likely to report to work in a RDD emergency were 17 times more likely to respond during a RDD event if asked. Only 27.9% of the hospital employees with a perception of low efficacy declared willingness to respond to a severe RDD event. Perception of threat had little impact on willingness to respond among hospital workers.Radiological scenarios such as RDDs are among the most dreaded emergency events yet studied. Several attitudinal indicators can help to identify hospital employees unlikely to respond. These risk-perception modifiers must then be addressed through training to enable effective hospital response to a RDD event