
Dang et al. (2013), "Contextual difference and intention to perform information security behaviours: a Protection Motivation Theory approach", ACIS 2013

The research domain of end-users' information security behaviours has been gaining much attention in recent years. While the nature of intention to perform information security behaviours is being revealed, there are still gaps in this area. In particular, few studies have addressed whether such intention remains across contexts, especially from home to public places. Secondly, the number of cyber-threats swells with the increase in personal devices and the rapid adoption of the BYOD trend. This research employed MSEM methods to develop a conceptual model based on Protection Motivation Theory, using data collected from 252 higher education students in a BYOD Australian university. Our findings confirmed and explored in detail how intention to perform information security behaviours varied due to the change of context. Academics and practitioners could mitigate the security gap by focusing on the differences in intention discussed in our findings.

  • Information security behavioural research plays a vital role in keeping both individuals and organisations safe online. It is the duty of practitioners and academics to keep up with the rapid development of technologies and propose new ways of ensuring that users behave appropriately when encountering cyber-threats.
    The background of this research is set in the current situation of the information security landscape. Accordingly, Li and Siponen (2011) pointed out that the intention to perform info sec behaviours is becoming more transitioning. <explain transitioning>
    The first reason is the increasing use of personal mobile devices such as laptops, mobile phones and tablets. The second reason is that companies and organisations are rapidly adopting BYOD policies. For instance, at RMIT University you can use your own devices to access shared resources and applications.
  • What are non-work activities?
    Li and Siponen categorised work and non-work activities. Non-work are those that bring enjoyable experiences to the users.
  • Explain PMT:
    PMT was originally used in medical research to help patients keep a healthy lifestyle. Recently it has been applied in info sec research, such as on intention to comply with regulations.
  • Method:
    We ran SEM (simultaneously in 2 contexts) to measure the impacts of cognitive process on intention to perform malware avoidance behaviours; then
    We compared the regression effect sizes.
  • DON’T CALL THEM BETA WEIGHTS, CALL THEM EFFECT SIZES
  • Users didn’t feel vulnerable at home and felt more supported at uni. Vulnerability failed to reduce Cost at home.

    1. Contextual Difference and Intention to Perform Information Security Behaviours Against Malware in a BYOD Environment: a Protection Motivation Theory Approach
       Duy P.T. Dang, Siddhi Pittayachawan and Mathews Z. Nkhoma
    2. Background: 1. Information security behavioural research is shifting its focus on transitioning intention and behaviours
       • Increased use of personal mobile devices
       • Increased adoption of BYOD policy
       → created more opportunities to use the Internet at any time and in any place for non-work activities
    3. Background: Non-work activities are those that bring enjoyable experiences to the users (Li and Siponen 2011)
       • Young-adult Australians browse websites (90%), use social network sites (71%), download audio and video content (33%) (ACMA 2013)
       • General Australian Internet users check emails frequently (95%), browse websites (88%) and download files (63%)
    4. Background: 2. There are more malware threats on mobile devices targeting non-work activities
       • 23% of 30 billion spam contained malware links, increase of social engineering attacks etc.
       • 58% increase of mobile malware compared to 2011 (Symantec 2013)
    5. The problem: With the increased use of mobile devices and adoption of BYOD policy, currently we have no clue about whether the users may behave differently in different contexts and jeopardise online safety → this research will explore this problem
    6. Research question:
       • To what extent have the impacts of the cognitive process on intention to perform malware avoidance behaviours changed across the contexts?
    7. Conceptual model: Illustrated based on Protection Motivation Theory (Rogers 1975)
    8. Methodology:
       • Method: Multiple-group SEM
       • Sample description: HE students using Internet in BYOD environment for non-work activities
       • Sample size: 252
    9. Goodness of Fit: χ2(34) = 21.032; p = 0.960; RMSEA = 0.000; SRMR = 0.0302; CFI = 1.000 → specified model fitted the data
       * Fit criteria: p-value > 0.01; RMSEA < 0.06; SRMR < 0.07; CFI > 0.96
    10. Reliability: Criteria for good reliability: ≥ 0.70
    11. Findings
    12. Small differences:
       • Vulnerability on Intention: only existed in university context.
       • Self-Efficacy on Intention: stronger in university context.
       • Vulnerability on Response Cost: stronger in university context.
       (1) security loopholes at home (2) factors were perceived differently? Multiple facets or dimensions?
    13. Inconsistent findings: Rewards positively influences Intention: inconsistent with previous studies and even the original theory. → unique characteristics of HE students sample?
    14. Implications for practice:
       • Established one of the first milestones that focuses on maintaining information security behaviours across contexts (rather than reinforcing in one context).
       • Raised awareness about the potential changes in how the users intend to perform information security behaviours.
       • Provided recommendations about designing and implementing security training and measures (from results of the extended conceptual model).
    15. Implications for research:
       • Anticipated larger changes in intention to perform information security behaviours between contexts that involve work-related activities.
    16. Implications for research:
       • Suggested the potential different meanings of self-efficacy and vulnerability.
    17. Limitations:
       • Sample of HE students cannot represent the population of Internet users (to represent the change of intention to perform across contexts)
       • Only tested 2/4 areas suggested by Li and Siponen (2011).
    18. References:
       • ACMA. (2013), Communications report 2011–12 series, Report 3–Smartphones and tablets, Take-up and use in, Canberra.
       • Li, Y. and Siponen, M. (2011), “A call for research on home users’ information security behaviour,” 15th Pacific Asia Conference on Information Systems (PACIS).
       • Rogers, R.W. (1975), “A protection motivation theory of fear appeals and attitude change,” Journal of Psychology, no. 91, pp. 93–114.
       • Symantec. (2013), Internet Security Threat Report 2013, Mountain View, USA, Vol. 18. Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp
    19. Q&A: Further questions & comments please contact: duy.dangphamthien@rmit.edu.vn
