WHAT INFLUENCES INFORMATION SECURITY BEHAVIOR? A STUDY WITH BRAZILIAN USERS

Klein, Rodrigo Hickmann; Luciano, Edimara Mezzomo

doi:10.4301/S1807-17752016000300007

Acessibilidade / Reportar erro

Brasil

JISTEM - Journal of Information Systems and Technology Management

Español English

Brasil

Español English

sumário « anterior atual seguinte »

Sumário

Articles • JISTEM J.Inf.Syst. Technol. Manag. 13 (3) • Sep-Dec 2016 • https://doi.org/10.4301/S1807-17752016000300007 copy

WHAT INFLUENCES INFORMATION SECURITY BEHAVIOR? A STUDY WITH BRAZILIAN USERS

Authorship SCIMAGO INSTITUTIONS RANKINGS

ABSTRACT

The popularization of software to mitigate Information Security threats can produce an exaggerated notion about its full effectiveness in the elimination of any threat. This situation can result reckless users behavior, increasing vulnerability. Based on behavioral theories, a theoretical model and hypotheses were developed to understand the extent to which human perception of threat, control and disgruntlement can induce responsible behavior. A self-administered questionnaire was created and validated. The data were collected in Brazil, and complementary results regarding similar studies conducted in USA were found. The results show that there is an influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The results also point out the significant influence of the analyzed construct on Safe Behavior. The contributions involve relatively new concepts in the field and a new research instrument as well. For the practitioners, this study highlights the importance of Perceived Severity and Perceived Susceptibility in the formulation of the content of Information Security awareness guidelines within organizations. Moreover, users' disgruntlement with the organization, colleagues or superiors is a factor to be considered in the awareness programs.

Keywords:
Information Security; Safe Behavior; Users' behavior; Brazilian users; threats

Construct	Variables	Cronbach's Alpha
Threat Susceptibility	SUS1, SUS2, SUS3	0.857
Disgruntlement	DESC1, DESC2, DESC3	0.819
Punishment Severity	PUNSEV2, PUNSEV3	0.852
Safe Behavior	BEH1, BEH2, BEH3	0.725
Certainty of detection	DETCERT1, DETCERT2	0.684
Threat Severity	SEV1 SEV3	0.615
Effort in Safeguarding	PSC2 PSC3 and PSC4^* * Optional questions	0.591

Variables	Factors^* * Rotation converged in 5 iterations; Extraction Method: Principal Components Analysis; Rotation Method: Varimax with Kaiser Normalization
Variables	1 (SUS)	2 (DESC)	3 (PUNSEV)	4 (DECERT)	5 (SEV)
SUS1	0.894	-0.031	-0.148	0.080	0.146
SUS2	0.868	-0.085	-0.092	-0.003	0.060
SUS3	0.854	0.056	-0.003	-0.081	0.046
DESC1	0.015	0.875	0.023	0.054	-0.106
DESC2	-0.102	0.861	-0.133	-0.095	0.115
DESC3	0.029	0.819	0.168	0.091	0.175
PUNSEV3	-0083	0025	0899	0108	0203
PUNSEV2	-0.142	0.011	0.890	0.208	0.111
DETCERT1	0.077	-0.105	0.121	0.900	0.002
DETCERT2	-0.121	0.212	0.220	0.774	0.285
SEV1	0.223	-0.005	0.052	0.153	0.821
SEV3	0.022	0.152	0.282	0.052	0.792

TECSI Laboratório de Tecnologia e Sistemas de Informação - FEA/USP Av. Prof. Luciano Gualberto, 908 FEA 3, 05508-900 - São Paulo/SP Brasil, Tel.: +55 11 2648 6389, +55 11 2648 6364 - São Paulo - SP - Brazil
E-mail: jistemusp@gmail.com

Acompanhe os números deste periódico no seu leitor de RSS

[1] Rodrigo Hickmann Klein, Pontifícia Universidade Católica do Rio Grande do Sul, Rio Grande do Sul, Brasil Mestre e Doutorando em Administração, Programa de Pós-Graduação em Administração Pontifícia Universidade Católica do Rio Grande do Sul E-mail: rodrigo.hickmann@acad.pucrs.br