Human aspects of information security: An empirical study of intentional versus actual behavior
Abstract:Purpose ‐ A significant amount of empirical research has been conducted on the socio-economic (sociological, psychological, economic) aspects of information security, such as the phenomenon of individuals who are willing to take security measures, but often do not. There is a growing body of research relating to individual behaviour and decision making and the purpose of this paper is to analyze a survey on the behaviour of individuals who implement information security measures. Design/methodology/approach ‐ To promote effective information security measures, this paper refers to research on the psychology of persuasion from the field of social psychology. A survey was conducted into determinants for changing attitudes through persuasive messages, and the results were analysed. A questionnaire was used and the authors built a demonstrative experimental environment, which analysed in detail attitudinal changes in an individuals' behaviour. Findings ‐ The authors found differences in behaviour regarding the intent to implement measures discovered from the responses to the questionnaire as well as from actual conduct in the demonstrative experiment. Originality/value ‐ It is original to adopt a model defined by social psychology, especially Protection Motivation Theory and Elaborative Likelihood Model. The authors conducted both questionnaire survey and the psychological experiment.
Document Type: Research Article
Publication date: March 15, 2013