Assessing information security attitudes: a comparison of two studies
M Pattinson, K Parsons, M Butavicius… - … & Computer Security, 2016 - emerald.com
M Pattinson, K Parsons, M Butavicius, A McCormac, D Calic
Information & Computer Security, 2016•emerald.comPurpose The purpose of this paper is to report on the use of two studies that assessed the
attitudes of typical computer users. The aim of the research was to compare a self-reporting
online survey with a set of one-on-one repertory grid technique interviews. More specifically,
this research focussed on participant attitudes toward naive and accidental information
security behaviours. Design/methodology/approach In the first study, 23 university students
responded to an online survey within a university laboratory setting that captured their …
attitudes of typical computer users. The aim of the research was to compare a self-reporting
online survey with a set of one-on-one repertory grid technique interviews. More specifically,
this research focussed on participant attitudes toward naive and accidental information
security behaviours. Design/methodology/approach In the first study, 23 university students
responded to an online survey within a university laboratory setting that captured their …
Purpose
The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours.
Design/methodology/approach
In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations.
Findings
There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated.
Research limitations/implications
The small sample size (n = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results.
Practical implications
This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation.
Originality/value
The literature review indicates that this study addresses a genuine gap in the research.
Emerald Insight以上显示的是最相近的搜索结果。 查看全部搜索结果