Search results

1 – 10 of over 30000
Article
Publication date: 6 November 2017

Xiao Juan Zhang, Zhenzhen Li and Hepu Deng

Understanding user behavior is increasingly critical for information security in the use of smartphones. There is, however, lack of empirical studies about the behavior of…

1484

Abstract

Purpose

Understanding user behavior is increasingly critical for information security in the use of smartphones. There is, however, lack of empirical studies about the behavior of smartphone users for information security in China. The purpose of this paper is to present an empirical analysis of the behavior of smartphone users in China in relation to information security.

Design/methodology/approach

A review of the related literature is conducted, leading to the development of a questionnaire for investigating the behavior of smartphone users. An online survey of the smartphone users in China is conducted. The collected data are analyzed with the use of descriptive analysis and Pearson’s chi-square test to better understand the behavior of smartphone users on information security.

Findings

The paper shows that there are serious concerns about information security in the use of smartphones in China including the ignorance of security information in downloading and using applications, inadequate phone settings, inappropriate enabling of add-on utilities and lack of proper disaster recovery plans. The study also reveals that there is a significant difference between different groups of users on information security in smartphone use.

Research limitations/implications

This paper is based on a purposeful sample of smartphone users in China. It is exploratory in nature.

Practical implications

The paper can lead to a better understanding of the behavior of smartphone users and information security in China and provide relevant government departments and institutions with useful information for developing appropriate strategies and policies and designing specific training programs to improve information security in the smartphone use.

Originality/value

This paper is the first of this kind to collect quantitative data from users in China for better understanding the behavior of smartphone users on information security. It provides insight towards the adoption of various measures for information security from the perspective of smartphone users in China.

Details

The Electronic Library, vol. 35 no. 6
Type: Research Article
ISSN: 0264-0473

Keywords

Article
Publication date: 2 January 2020

Pintu Shah and Anuja Agarwal

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less…

1296

Abstract

Purpose

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.

Design/methodology/approach

In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.

Findings

Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported high level of motivation to protect their device and data, whereas they reported moderate level of threat awareness and the ability to protect to their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.

Research limitations/implications

The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.

Practical implications

The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.

Originality/value

This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.

Details

Information & Computer Security, vol. 28 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 9 July 2018

Manal Alohali, Nathan Clarke, Fudong Li and Steven Furnell

The end-user has frequently been identified as the weakest link; however, motivated by the fact that different users react differently to the same stimuli, identifying the reasons…

1003

Abstract

Purpose

The end-user has frequently been identified as the weakest link; however, motivated by the fact that different users react differently to the same stimuli, identifying the reasons behind variations in security behavior and why certain users could be “at risk” more than others is a step toward protecting and defending users against security attacks. This paper aims to explore the effect of personality trait variations (through the Big Five Inventory [BFI]) on users’ risk level of their intended security behaviors. In addition, age, gender, service usage and information technology (IT) proficiency are analyzed to identify what role and impact they have on behavior.

Design/methodology/approach

The authors developed a quantitative-oriented survey that was implemented online. The bi-variate Pearson two-tailed correlation was used to analyze survey responses.

Findings

The results obtained by analyzing 538 survey responses suggest that personality traits do play a significant role in affecting users’ security behavior risk levels. Furthermore, the results suggest that BFI score of a trait has a significant effect as users’ online personality is linked to their offline personality, especially in the conscientiousness personality trait. Additionally, this effect was stronger when personality was correlated with the factors of IT proficiency, gender, age and online activity.

Originality/value

The contributions of this paper are two-fold. First, with the aid of a large population sample, end-users’ security practice is assessed from multiple domains, and relationships were found between end-users’ risk-taking behavior and nine user-centric factors. Second, based upon these findings, the predictive ability for these user-centric factors were evaluated to determine the level of risk a user is subject to from an individual behavior perspective. Of 28 behaviors, 11 were found to have a 60 per cent or greater predictive ability, with the highest classification of 92 per cent for several behaviors. This provides a basis for organizations to use behavioral intent alongside personality traits and demographics to understand and, therefore, manage the human aspects of risk.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 14 March 2016

Amit Das and Habib Ullah Khan

– This paper aims to report on the information security behaviors of smartphone users in an affluent economy of the Middle East.

3661

Abstract

Purpose

This paper aims to report on the information security behaviors of smartphone users in an affluent economy of the Middle East.

Design/methodology/approach

A model based on prior research, synthesized from a thorough literature review, is tested using survey data from 500 smartphone users representing three major mobile operating systems.

Findings

The overall level of security behaviors is low. Regression coefficients indicate that the efficacy of security measures and the cost of adopting them are the main factors influencing smartphone security behaviors. At present, smartphone users are more worried about malware and data leakage than targeted information theft.

Research limitations/implications

Threats and counter-measures co-evolve over time, and our findings, which describe the state of smartphone security at the current time, will need to be updated in the future.

Practical implications

Measures to improve security practices of smartphone users are needed urgently. The findings indicate that such measures should be broadly effective and relatively costless for users to implement.

Social implications

Personal smartphones are joining enterprise networks through the acceptance of Bring-Your-Own-Device computing. Users’ laxity about smartphone security thus puts organizations at risk.

Originality/value

The paper highlights the key factors influencing smartphone security and compares the situation for the three leading operating systems in the smartphone market.

Details

Information & Computer Security, vol. 24 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 11 February 2019

Mutlaq Jalimid Alotaibi, Steven Furnell and Nathan Clarke

It is widely acknowledged that non-compliance of employees with information security polices is one of the major challenges facing organisations. This paper aims to propose a…

Abstract

Purpose

It is widely acknowledged that non-compliance of employees with information security polices is one of the major challenges facing organisations. This paper aims to propose a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy.

Design/methodology/approach

The proposed model is based on two main concepts: a taxonomy of the response strategy to non-compliant behaviour and a compliance points system. The response taxonomy comprises two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour and penalise non-compliant behaviour.

Findings

A prototype system has been developed to simulate the proposed model and work as a real system that responds to the behaviour of users (reflecting both violations and compliance behaviour). In addition, the model has been evaluated by interviewing experts from academic and industry. They considered the proposed model to offers a novel approach for managing end users’ behaviour with the information security policies.

Research limitations/implications

Psychological factors were out of the research scope at this stage. The proposed model may have some psychological impacts upon users; therefore, this issue needs to be considered by studying the potential impacts and the best solutions.

Originality/value

Users being compliant with the information security policies of their organisation is the key to strengthen information security. Therefore, when employees have a good level of compliance with security policies, this positively affects the overall security of an organisation.

Details

Information & Computer Security, vol. 27 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 27 June 2020

Esther Dzidzah, Kwame Owusu Kwateng and Benjamin Kofi Asante

The inception of mobile financial services (MFSs) has positively provoked economic growth and productivity, nonetheless, it has pessimistically caused an upward surge in…

Abstract

Purpose

The inception of mobile financial services (MFSs) has positively provoked economic growth and productivity, nonetheless, it has pessimistically caused an upward surge in cybersecurity threat. Customers are progressively becoming conscious of some of the threat and several of them now shun away from some suspicious activities over the internet as a form of protection. This study aims to explore the factors that influence users’ to adopt security behaviour.

Design/methodology/approach

A synthesis of theories – Self-efficacy and technology threat avoidance theories – was used to examine the security behaviour of users of MFSs. Data was gathered from 530 students in Ghana using convenience sampling technique. Data analysis was carried out using descriptive statistics, inferential statistics and structural equation model.

Findings

Outcome of the investigation indicate that both mastery experience and verbal persuasion have substantial effect on the avoidance motivation of MFSs users. It was, however, found that emotional state and vicarious experience of users do not influence their avoidance motivation. Also, it was established that avoidance motivation is a positive prognosticator of avoidance behaviour.

Practical implications

Understanding the security behaviour of MFS users will help the operators to outline strategies to sustain the successes achieved.

Originality/value

Studies on user security behaviour are rare, especially in sub Saharan Africa, thus, this study will contribute to extant literature by adding a new dimension of user security behaviour.

Article
Publication date: 11 November 2019

Anthony Duke Giwah, Ling Wang, Yair Levy and Inkyoung Hur

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user…

1187

Abstract

Purpose

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.

Design/methodology/approach

This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.

Findings

This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.

Originality/value

This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930

Keywords

Article
Publication date: 11 October 2011

Dan Harnesk and John Lindström

The purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.

3254

Abstract

Purpose

The purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.

Design/methodology/approach

A case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture, and security processes in order to get an in‐depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.

Findings

The paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security (IS) management.

Practical implications

This research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance IS management. In particular, this will improve design of IS training and awareness programs.

Originality/value

This research is relevant to IS management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic IS management.

Details

Information Management & Computer Security, vol. 19 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 12 October 2015

Bukelwa Ngoqo and Stephen V. Flowerday

The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor…

Abstract

Purpose

The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa.

Design/methodology/approach

Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle.

Findings

The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practises.

Originality/value

Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges Choi et al. (2008) contribution in their discussions on the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 3 April 2018

Neil F. Doherty and Sharul T. Tajuddin

The purpose of this paper is to fill a gap in the literature, by investigating the relationship between users’ perceptions of the value of the information that they are handling…

1251

Abstract

Purpose

The purpose of this paper is to fill a gap in the literature, by investigating the relationship between users’ perceptions of the value of the information that they are handling, and their resultant level of compliance with their organisation’s information security policies. In so doing, the authors seek to develop a theory of value-driven information security compliance.

Design/methodology/approach

An interpretive, grounded theory research approach has been adopted to generate a qualitative data set, based upon the results of 55 interviews with key informants from governmental agencies based within Brunei Darussalam, complemented by the results of seven focus groups. The interviews and focus groups were conducted in two phases, so that the results of the first phase could be used to inform the second phase data collection exercise, and the thematic analysis of the research data was conducted using the NVivo 11-Plus software.

Findings

The findings suggest that, when assigning value to their information, users take into account the views of members of their immediate work-group and the espoused views of their organisation, as well as a variety of contextual factors, relating to culture, ethics and education. Perhaps more importantly, it has been demonstrated that the users’ perception of information value has a marked impact upon their willingness to comply with security policies and protocols.

Research limitations/implications

Although the authors have been able to develop a rich model of information value and security compliance, the qualitative nature of this research means that it has not been tested, in the numerical sense. However, this study still has important implications for both research and practice. Specifically, researchers should consider users’ perceptions of information value, when conducting future studies of information security compliance.

Practical implications

Managers and practitioners will be better able to get their colleagues to comply with information security protocols, if they can take active steps to convince them that the information that they are handling is a valuable organisational resource, which needs to be protected.

Originality/value

The central contribution is a novel model of information security compliance that centre stages the role of the users’ perceptions of information value, as this is a factor which has been largely ignored in contemporary accounts of compliance behaviour. This study is also original, in that it fills a methodological gap, by balancing the voices of both user representatives and senior organisational stakeholders, in a single study.

1 – 10 of over 30000