Dang et al. (2013), "Contextual difference and intention to perform information security behaviours: a Protection Motivation Theory approach", ACIS 2013
•Download as PPT, PDF•
1 like•509 views
The research domain of end-user’s information security behaviours has been gaining much attention over the recent years. While the nature of intention to perform information security behaviours are being revealed, there are still gaps in this area. In particular, few studies have addressed whether such intention remains across contexts, especially from home to public places. Secondly, the amount of the cyber-threats swells with the increase of personal devices with the rapid adoption of the BYOD trend. This research employed MSEM methods to develop a conceptual model based on Protection Motivation Theory by using data collected from 252 higher education students in a BYOD Australian university. Our findings confirmed and explored in details how intention to perform information security behaviours varied due to the change of context. Academics and practitioners could mitigate the security gap by focusing on the intention’s differences discussed in our findings.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Dang et al. (2013), "Contextual difference and intention to perform information security behaviours: a Protection Motivation Theory approach", ACIS 2013
Similar to Dang et al. (2013), "Contextual difference and intention to perform information security behaviours: a Protection Motivation Theory approach", ACIS 2013 (20)
Recently uploaded
Recently uploaded (20)
Dang et al. (2013), "Contextual difference and intention to perform information security behaviours: a Protection Motivation Theory approach", ACIS 2013
- 1. Contextual Difference and Intention to Perform Information Security Behaviours Against Malware in a BYOD Environment: a Protection Motivation Theory Approach Duy P.T. Dang, Siddhi Pittayachawan and Mathews Z. Nkhoma
- 2. Background: 1. Information security behavioural research is shifting its focus on transitioning intention and behaviours •Increase uses of personal mobile devices •Increase adoption of BYOD policy —> created more opportunities to use the Internet at anytime and any places for non-work activities 2
- 3. Background: Non-work activities are those that bring enjoyable experiences to the users (Li and Siponen 2011) •Young-adult Australian browses websites (90%), uses social network sites (71%), downloads audio and video content (33%) (ACMA 2013) •General Australian Internet users check emails frequently (95%), browse websites (88%) and download files (63%)
- 4. Background: 2. There are more malware threats on mobile devices targeting non-work activities • 23% of 30 billions spam contained malware links, increase of social engineering attacks etc. • 58% increase of mobile malware compared to 2011 (Symantec 2013) 4
- 5. The problem: With the increase uses of mobile devices and adoption of BYOD policy, currently we have no clue about whether the users may behave differently in different contexts and jeopardise online safety —> this research will explore this problem 5
- 6. Research question: •To what extent the impacts of the cognitive process on intention to perform malware avoidance behaviours have changed across the contexts? 6
- 7. Conceptual model Illustrated based on Protection Motivation Theory (Rogers 1975) 7
- 8. Methodology: • Method: Multiple-group SEM • Sample description: HE students using Internet in BYOD environment for non-work activities • Sample size: 252 8
- 9. Goodness of Fit: χ2(34) = 21.032; p = 0.960; RMSEA = 0.000; SRMR = 0.0302; CFI = 1.000 —> specified model fitted the data *Fit criteria p-value > 0.01; RMSEA < 0.06; SRMR < 0.07; CFI > 0.96 9
- 10. Reliability: Criteria for good reliability: ≥ 0.70 10
- 11. Findings 11
- 12. Small differences: Vulnerability on Intention: only existed in university context. Self-Efficacy on Intention: stronger in university context. Vulnerability on Response Cost: stronger in university context. (1) security loopholes at home (2) factors were perceived differently? Multiple facets or dimensions? 12
- 13. Inconsistent findings: Rewards positively influences Intention: inconsistent with previous studies and even the original theory. unique characteristics of HE students sample?
- 14. Implications for practice: • Established one of the first milestones that focuses on maintaining information security behaviours across contexts (rather than reinforcing in one context). • Raised awareness about the potential changes in how the users intend to perform information security behaviours. • Provided recommendations about designing and implementing security training and measures (from results of the extended conceptual model). 14
- 15. Implications for research: • Anticipated larger changes in intention to perform information security behaviours between contexts that involve work-related activities. 15
- 16. Implications for research: •Suggested the potential different meanings of selfefficacy and vulnerability.
- 17. Limitations: • Sample of HE students cannot represent the population Internet users (to represent the change of intention to perform across contexts) • Only tested 2/4 areas suggested by Li and Siponen (2011). 17
- 18. References: • ACMA. (2013), Communications report 2011–12 series, Report 3–Smartphones and tablets, Take-up and use in, Canberra. • Li, Y. and Siponen, M. (2011), “A CALL FOR RESEARCH ON HOME USERS’ INFORMATION SECURITY BEHAVIOUR,” 15th Pacific Asia Conference on Information Systems (PACIS). • Rogers, R.W. (1975), “A protection motivation theory of fear appeals and attitude change,” Journal of Psychology, no. 91, pp. 93–114. • Symantec. (2013), INTERNET SECURITY THREAT REPORT 2013, Moutain View, USA, Vol. 18. Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp 18
- 19. Q&A Further questions & comments please contact: duy.dangphamthien@rmit.edu.vn 19
Editor's Notes
- Information security behavioural research has been playing vital roles in keeping the online safety for both individuals and organisations. And it is the duty of the practitioners and academics to keep up with the rapid developments of technologies and propose new ways of ensuring the users would behave appropriate when encoutering cyber-threats The background of this research is set in the current situation of the information security landscape. Accordingly, Li and Siponen (2011) pointed out that the intention to perform info sec behaviours is becoming more transitioning. <explain transitioning> The reasons are that there is an increase number of personal mobile devices uses such as laptops, mobile phones and tablets. Second reason is companies and organisations are rapidly adopting BYOD policy. For instance, at RMIT University you can use your own devices to get access to the shared resources and applications.
- What is non-work activities Li and Siponen categorised work and non-work activities. Non-work are those that bring enjoyable experiences to the users.
- Explain PMT: PMT was originally used in medical research to help patients to keep healthy lifestyle. Recently it has been applied in info sec research such as intention to comply with regulations.
- Method: We ran SEM (simultaneously in 2 contexts) to measure the impacts of cognitive process on intention to perform malware avoidance behaviours; then We compared the regression effect sizes.
- DON’T CALL THEM BETA WEIGHTS, CALL THEM EFFECT SIZES
- users didn’t feel vulnerable at home and felt more supported at uni. Vulnerability failed to reduce Cost at home.