Naïve and accidental behaviours that compromise information security: what the experts think

Date

2016

Authors

Calic, D.
Pattinson, M.
Parsons, K.
Butavicius, M.
McCormac, A.

Editors

Clarke, N.
Furnell, S.

Type:

Conference paper

Citation

Proceedings of the 10th International Symposium on Human Aspects of Information Security & Assurance, 2016 / Clarke, N., Furnell, S. (ed./s), pp.12-21

Statement of Responsibility

Dragana Calic, Malcolm Pattinson, Kathryn Parsons, Marcus Butavicius, Agata McCormac

Conference Name

10th International Symposium on Human Aspects of Information Security & Assurance (HAISA) (19 Jul 2016 - 21 Jul 2016 : Frankfurt, Germany)

Abstract

The aim of the present study was twofold. First, it aimed to elicit Information Security (InfoSec) experts’ perceptions about the most important naïve and accidental behaviours that could compromise the InfoSec of an organisation. The second aim was to use these findings to assess the relevance of behaviours that are currently measured by the Human Aspects of Information Security Questionnaire (HAIS-Q), with the intention to further validate the instrument. We employed a qualitative, focus group data collection approach, which enabled rich discussion with InfoSec experts. Fifteen InfoSec experts were asked: “What naïve and accidental behaviours could compromise the information security of an organisation?” They brainstormed, discussed and rated the most important behaviours. According to these experts, the three most important behaviours were sharing passwords, not considering the consequences of Social Media (SM), and oversharing information on SM. It was also found that, of the eleven most important behaviours rated by the InfoSec experts, eight were part of the HAIS-Q. Furthermore, discussions emphasised the notion of human naivety, lending support to the focus on naïve and accidental behaviours. Finally, our findings demonstrate that behaviours measured by the HAIS-Q are relevant, providing validation for the HAIS-Q.

Rights

© 2016 Plymouth University. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means - electronic, mechanical, photocopy, recording or otherwise, without the prior written permission of the publisher or distributor
