Assessing information security attitudes: a comparison of two studies
Abstract
Purpose
The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours.
Design/methodology/approach
In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations.
Findings
There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated.
Research limitations/implications
The small sample size (n = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results.
Practical implications
This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation.
Originality/value
The literature review indicates that this study addresses a genuine gap in the research.
Keywords
Citation
Pattinson, M., Parsons, K., Butavicius, M., McCormac, A. and Calic, D. (2016), "Assessing information security attitudes: a comparison of two studies", Information and Computer Security, Vol. 24 No. 2, pp. 228-240. https://doi.org/10.1108/ICS-01-2016-0009
Publisher
:Emerald Group Publishing Limited
Copyright © 2016, Commonwealth of Australia