- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 11 to 17 of 17 (0.034 seconds)| 11 |
Impact of demographic factors on information security awareness : a study on professionals and students in SwedenOjala Burman, Emma January 2021 (has links)
Over the past year, cyberattacks have increased and one of the reasons is a lack of security awareness in society. The Covid-19 pandemic has forced a drastic change in working conditions and the most prominent shift is that many people had to start working from home. From an information security perspective, this places great demands on the individual since they are not protected by their organization's security solutions in the same degree as in the physical office space. This is being exploited by cybercriminals and the issue of focusing on the human aspect of information security is becoming more essential. Education is used to increase information security awareness (ISA), which in turn leads to improved security behavior. Through education, organizations can therefore reduce the risk of being exposed to various cyberattacks. To develop training programs within information security, one should look for the underlying factors that have an impact on ISA. Therefore, the purpose of this study is to see if demographic factors have any impact on ISA among Swedish professionals and students. The study is based on a quantitative survey in which a total of 157 professionals and students participated. The study was conducted using The Human Aspects of Information Security Questionnaire (HAIS-Q), which is a validated questionnaire developed to measure ISA. The results of the study strengthen previous findings that knowledge about security policies is a crucial factor for a high ISA. In addition, age and level of education also show an impact on ISA. Information about underlying factors that impact ISA can be useful when designing training programs in information security for Swedish professionals and students.
|
| 12 |
Empirical Assessment of Mobile Device Users’ Information Security Behavior towards Data Breach: Leveraging Protection Motivation TheoryGiwah, Anthony Duke 01 January 2019 (has links)
User information security behavior has been an area of growing demand in information systems (IS) research. Unfortunately, most of the previous research done in user information security behavior have been in broad contexts, therefore creating a gap in the literature of similar research that focuses on specific emerging technologies and trends. With the growing reliance on mobile devices to increase the flexibility, speed and efficiency in how we work, communicate, shop, seek information and entertain ourselves, it is obvious that these devices have become data warehouses and platform for data in transit.
This study was an empirical and quantitative study that gathered data leveraging a web-survey. Prior to conducting the survey for the main data collection, a Delphi study and pilot study were conducted. Convenience sampling was the category of nonprobability sampling design used to gather data. The 7-Point Likert Scale was used on all survey items. Pre-analysis data screening was conducted prior to data analysis. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 390 responses received.
The results of this study showed that perceived threat severity has a negative effect on protection motivation, while perceived threat susceptibility has a positive effect on protection motivation. Contrarily, the results from this study did not show that perceived response cost influences protection motivation. Response efficacy and mobile self-efficacy had a significant positive influence on protection motivation. Mobile device security usage showed to be significantly influenced positively by protection motivation. This study brings additional insight and theoretical implications to the existing literature. The findings reveal the PMT’s capacity to predict user behavior based on threat and coping appraisals within the context of mobile device security usage. Additionally, the extension of the PMT for the research model of this study implies that mobile devices users also can take recommended responses to protect their devices from security threats.
|
| 13 |
User Information Security Behavior in Professional Virtual Communities: A Technology Threat Avoidance ApproachForrester, Vivienne 01 January 2019 (has links)
The popularization of professional virtual communities (PVCs) as a platform for people to share experiences and knowledge has produced a paradox of convenience versus security. The desire to communicate results in disclosure where users experience ongoing professional and social interaction. Excessive disclosure and unsecured user security behavior in PVCs increase users’ vulnerability to technology threats. Nefarious entities frequently use PVCs such as LinkedIn to launch digital attacks. Hence, users are faced with a gamut of technology threats that may cause harm to professional and personal lives. Few studies, however, have examined users’ information security behavior and their motivation to engage in technology threat avoidance behavior in a PVC.
This study tested a professional virtual community technology threat avoidance model empirically. The model was developed from the conceptualization of different aspects of the technology threat avoidance theory, social cognitive theory, and involvement theory through an integrated approach. This quantitative study employed a random sampling methodology. Prior to collecting data for the main study an expert panel review and a pilot study were conducted. A web-based survey designed with a 5-point Likert scale was distributed to 1285 LinkedIn members to gather self-reported data on users’ technology threat avoidance behavior. Confirmatory factor analysis (CFA) and structural equation modeling (SEM) were used to analyze the data gathered from 380 respondents.
The results of the data analysis revealed that perceived susceptibility, perceived severity, and information security knowledge sharing are strong predictors of avoidance motivation. Information security knowledge sharing had the most significant predicting effect on avoidance motivation in PVCs. Also, self-efficacy, group norms, and avoidance motivation all have a significant predicting effect on users’ information security avoidance behavior in PVCs. However, information security experience and safeguarding measure cost do not have a significant predicting effect on users’ information security avoidance motivation. This study makes significant contributions to the IS body of knowledge and has implications for practitioners and academics. This study offers a comprehensive model through the integration of behavioral and cognitive theories to better understand user information security behavior in PVCs. The model also identifies essential elements to motivate users to engage in technology threat avoidance behavior.
|
| 14 |
Risk Management Strategies to Prevent and Mitigate Emerging Operational Security ThreatsLarrimore, Nancy Page 01 January 2018 (has links)
Dependence on technology brings security compromises that have become a global threat that costs businesses millions of dollars. More than 7.6 million South Carolinians incurred effects from the 162 security breaches reported in 2011-2015. The purpose of this multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this study consisted of 6 business leaders in South Carolina who have demonstrated successful experience in preventing and mitigating operational security threats. Transformational leadership theory provided the conceptual framework for exploring the overreaching research question. Data collection consisted of semistructured interviews with each participant and the collection of company documents that pertained to security procedures, audits, and reviews. Conducting semistructured interviews allowed participants to provide details of real-life experiences. Recorded interviews and transcriptions were analyzed through Moustakas's modified van Kaam method of analysis to identify emerging topics. The 4 themes that emerged were: (a) operational security training and awareness, (b) operational security culture and behavioral effects, (c) operational security policy and compliance, and (d) operational security challenges and risk management. By developing strategies and processes that reflect these themes, small business leaders can reduce financial losses to improve profitability and reduce unemployment, achieving social changes that can benefit society as a whole.
|
| 15 |
Faktorer som påverkar säkerhetsbeteende: En litteraturstudie utifrån UMISPC-modellenSegergren, Olof, Båtelsson, Herman January 2022 (has links)
En av de säkerhetsrisker som företag i dagsläget måste ta hänsyn till är bristande säkerhetsbeteende hos anställda vid användande av informationssystem. Denna brist kan leda till incidenter där produktivitet går förlorad eller känslig data läcks. Detta gör att användarnas beteende och efterlevnad av säkerhetsriktlinjer blir ett viktigt ämne för företag och organisationer. Tidigare studier identifierar flera faktorer som bidrar till bättre eller sämre säkerhetsbeteende hos individer. UMISPC-modellen (“Unified Model of Information Security Policy Compliance”) skapad av Moody m.fl. (2018) är en ansats till att unifiera faktorer från flera teorier. De inkluderar enbart faktorer som de kunde stödja i ett specifikt kontext men misstänker att effekten av faktorer som de exkluderar kan stödjas i andra kontext. För denna uppsats utfördes en litteraturstudie där faktorer i existerande modeller identifieras och klassificeras in i de faktorer som UMISPC-modellen definierar. Litteraturstudien gjordes via söktjänsten Uppsalas universitetsbibliotek. Resultaten visade att flera av studiernas resultat stöder flera av de faktorer som Moody m.fl. (2018) inte fann stöd för. Dessa faktorer kan därför vara aktuella för framtida utökningar av UMISPC-modellen trots att de inte kunde stödjas av Moody m.fl. (2018). / One of the security risks companies of today have to consider is poor security behavior of employees while using information systems. These behaviors can lead to incidents where productivity is lost or sensitive data is leaked. This causes the users’ behavior and compliance with security guidelines to become an important subject for companies and other organizations. Earlier studies identified several factors contributing to better or worse security behavior of individuals. The UMISPC model (Unified Model of Information Security Policy Compliance) created by Moody et al. (2018) is an effort to unify factors from multiple theories. They only include factors for which they were able to find support in a specific context but suspect that the effect of factors they exclude can be supported in other contexts. For this essay, a literature study was performed where factors from existing models were classified into factors defined by the UMISPC model. The literature study was performed using the search engine provided by Uppsala’s university library. The result showed that several studies support the factors that Moody et al. (2018) did not find support for. These factors can therefore be valid for future extensions of the UMISPC model even though they could not be supported by Moody et al. (2018).
|
| 16 |
Har vi verkligen ett säkert beteende på internet? : En kvalitativ studie om hur användare hanterar lösenord på internet och varför de gör som de gör. / Is our behavior on Internet secure? : A qualitative study on how users manage their online password and why they do as they doAhlqvist, Klas, Norell, Per-Ivar January 2022 (has links)
Introduktion: För att kunna använda möjligheterna som internet erbjuder krävs i många fall ett användarkonto som identifierar och autentiserar användaren. En förutsättning för att det ska vara säkert är att ingen annan har tillgång till användarens kontouppgifter, vilket ställer krav på att användaren har komplexa och unika lösenord. Syfte: I denna studie har vi undersökt vilken kunskap användare har kring säkra lösenord, hur de agerar samt undersökt varför de agerar som de gör. Metod: Studien är genomförd som en kvalitativ intervjustudie med 12 respondenter i varierande ålder och bakgrund. Resultat: Våra resultat visar att användarens kunskaper ofta bygger på äldre, ej längre aktuella, rekommendationer. De har även bristande kunskaper om vad en lösenordsgenerator eller lösenordshanterare är och hur de fungerar. Kunskapsbristerna, kombinerat med önskan om att det ska gå snabbt, medför att användarna ej genomför korrekta hot- och konsekvensbedömningar av riskerna på internet. Diskussion/Slutsats: Kunskaperna hos användarna behöver höjas för att minska riskerna de utsätter sig för. Teknikutvecklingen går fort och ökad kunskap och medvetenhet krävs för ett säkert agerande på internet. / Introduction: An account, that identify and authorize the user, is nowadays almost a condition for the user’s ability to use the many services Internet provides. If the account shall remain safe, only the user should have access to the user account. The user needs to create unique and complex passwords. Aim: In this study we have examined the end-user’s knowledge regarding safe passwords, how they act. We have also examined why they act as they do. Method: This qualitative study was made through interviews with 12 respondents of varying age. Results: Our findings show that the user’s knowledge often is based on older recommendations. They also lack knowledge about what a password generator, or a password manger, is and how they work. The lack of knowledge combined with a high wish of swift Internet usage leads to inadequate threat and impact assessments of Internet risks. Conclusion: The end-user’s knowledge, regarding security online needs to be improved, to reduce their risk exposure. The development of technology is moving fast so a raised awareness is mandatory for a safe Internet behavior.
|
| 17 |
Tietoturvakoulutuksen vaikuttavuuden arviointi yksilön ja organisaation tietoturvakäyttäytymiseenNykänen, K. (Kari) 02 November 2011 (has links)
Abstract
Information security is a key factor supporting companies' security and business requirements,
and it is significantly affected by the information security behavior of the employees. Previous
research has studied empirically as to which factors explains employees' compliance with
information security policies and instructions. However, there are only a few empirical studied
on the effectiveness of information security training on the information security behavior of
employees. Especially, studies examining the effect on training on employees' cyberloafing
(non-work related Internet use) behavior are far and few between. To address this gap in
research, this thesis carries out an action research study aimed at improving employees'
cyberloafing behavior at an organizational context. The results suggest that cyberloafing can be
reduced by a proper training. / Tiivistelmä
Tietoturva on keskeinen tekijä yrityksen kokonaisturvallisuuden ja liiketoiminnan tarpeiden tukemisessa, johon henkilökunnan tietoturvakäyttäytyminen vaikuttaa hyvin merkittävästi. Yksilön tietoturvakäyttäytymistä ja tietoturvapolitiikan ja -ohjeistuksien noudattamista on tutkittu empiirisesti vahvojen teoreettisten taustojen pohjalta. Tutkimustulokset ovat osoittaneet, että yksilön normeista ja ohjeistuksista poikkeava käyttäytyminen on vahvasti sidoksissa henkilökohtaisiin tapoihin, joita puolustellaan ja selitetään erilaisilla syillä.
Tietoturvakoulutuksen vaikuttavuutta yksilön ja organisaation tietoturvakäyttäytymiseen on tutkittu empiirisesti hyvin vähän. Työhön liittymättömän Internetin käytön kontekstissa tehtyjä tutkimuksia on vain muutamia, ja niissä on selvitetty käytön motivaatiota ja käyttäjien profilointia. Tietoturvakoulutuksen vaikutusta yksilön työhön liittymättömän Internet-käyttäytymisen muuttamiseen ei ole aikaisemmin tieteellisesti tutkittu. Tässä väitöskirjassa tutkitaan tätä ajankohtaista kansainvälisen tutkijayhteisön tiedostamaa ongelmaa.
Tutkimus suoritetaan noudattaen toimintatutkimusmallia kahdessa vaiheessa, joista toisessa sovelletaan kokeellista tutkimusmenetelmää. Pitkittäistutkimuksen ensimmäisessä vaiheessa tutkitaan organisaation tietoturvakäyttäytymistä ja -toimintaa. Tämän perusteella suunnitellaan koulutusmenetelmä, jonka avulla pyritään ratkaisemaan organisaation tietoturvatoiminnan keskeiset ongelmat ja parantamaan yksilön tietoturvatietoisuutta. Toisessa vaiheessa koulutusmenetelmää kehitetään ja laajennetaan koko organisaation henkilökunnan tasolle, minkä tavoitteena on muuttaa yksilön työhön liittymätöntä Internet-käyttäytymistä. Tutkimuksessa sovelletaan kriminologiaan pohjautuvaa neutralisoimisteoriaa ja sosiaalipsykologian tapateoriaa, joiden avulla pyritään selittämään yksilön työhön liittymätöntä Internet-käyttäytymistä. Tietoturvakoulutuksen laadinnassa sovelletaan oppimisen psykologiaa, sosiokonstruktiivista oppimisnäkemystä ja muutos-johtamista.
Tutkimustulokset tarjoavat uutta tietoa siitä, mitä tulee huomioida laadittaessa organisaation tietoturvakoulutusta ja miten huolellisesti laaditun koulutuksen avulla voidaan muuttaa yksilön työhön liittymätöntä Internet-käyttäytymistä. Koulutuksen avulla pyritään vaikuttamaan yksilön syvälle juurtuneisiin tapoihin, käyttäytymiseen ja vastuunottamiseen omasta toiminnasta.
|
Page generated in 0.04 seconds