Please use this identifier to cite or link to this item:
Scopus Web of Science® Altmetric
Type: Journal article
Title: Assessing information security attitudes: a comparison of two studies
Author: Pattinson, M.
Parsons, K.
Butavicius, M.
McCormac, A.
Calic, D.
Citation: Information and Computer Security, 2016; 24(2):228-240
Publisher: Emerald Group Publishing
Issue Date: 2016
ISSN: 2056-4961
Statement of
Malcolm Pattinson, Kathryn Parsons, Marcus Butavicius, Agata McCormac, Dragana Calic
Abstract: Purpose – The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours. Design/methodology/approach – In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations. Findings – There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated. Research limitations/implications – The small sample size (n 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results. Practical implications – This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation. Originality/value – The literature review indicates that this study addresses a genuine gap in the research.
Keywords: Theory of planned behaviour; Information Security (InfoSec); InfoSec behaviour; Repertory Grid Technique (RGT)
Rights: © Commonwealth of Australia
DOI: 10.1108/ICS-01-2016-0009
Appears in Collections:Aurora harvest 3
Business School publications

Files in This Item:
File Description SizeFormat 
  Restricted Access
Restricted Access251.63 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.