1 |
The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing PerspectiveHanus, Bartlomiej T. 08 1900 (has links)
This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.
|
2 |
User Information Security Behavior in Professional Virtual Communities: A Technology Threat Avoidance ApproachForrester, Vivienne 01 January 2019 (has links)
The popularization of professional virtual communities (PVCs) as a platform for people to share experiences and knowledge has produced a paradox of convenience versus security. The desire to communicate results in disclosure where users experience ongoing professional and social interaction. Excessive disclosure and unsecured user security behavior in PVCs increase users’ vulnerability to technology threats. Nefarious entities frequently use PVCs such as LinkedIn to launch digital attacks. Hence, users are faced with a gamut of technology threats that may cause harm to professional and personal lives. Few studies, however, have examined users’ information security behavior and their motivation to engage in technology threat avoidance behavior in a PVC.
This study tested a professional virtual community technology threat avoidance model empirically. The model was developed from the conceptualization of different aspects of the technology threat avoidance theory, social cognitive theory, and involvement theory through an integrated approach. This quantitative study employed a random sampling methodology. Prior to collecting data for the main study an expert panel review and a pilot study were conducted. A web-based survey designed with a 5-point Likert scale was distributed to 1285 LinkedIn members to gather self-reported data on users’ technology threat avoidance behavior. Confirmatory factor analysis (CFA) and structural equation modeling (SEM) were used to analyze the data gathered from 380 respondents.
The results of the data analysis revealed that perceived susceptibility, perceived severity, and information security knowledge sharing are strong predictors of avoidance motivation. Information security knowledge sharing had the most significant predicting effect on avoidance motivation in PVCs. Also, self-efficacy, group norms, and avoidance motivation all have a significant predicting effect on users’ information security avoidance behavior in PVCs. However, information security experience and safeguarding measure cost do not have a significant predicting effect on users’ information security avoidance motivation. This study makes significant contributions to the IS body of knowledge and has implications for practitioners and academics. This study offers a comprehensive model through the integration of behavioral and cognitive theories to better understand user information security behavior in PVCs. The model also identifies essential elements to motivate users to engage in technology threat avoidance behavior.
|
3 |
The Relationship Between Technology Threat Avoidance and Innovation in Health Care OrganizationsFenner Jr, Melvin R. 01 January 2017 (has links)
Most leaders of healthcare delivery organizations have increased their rate of technological innovation, but some still struggle to keep pace with other industries. The problem addressed in this study was that senior leaders in some rural ambulatory healthcare facilities failed to innovate, even with recent healthcare technological innovations, which could lead to increased medical errors and a loss of efficiency. The purpose of the study was to examine if a relationship exists between the avoidance of technology threats by senior leaders in ambulatory healthcare organizations and the innovation propensity of the organization. Technology threat avoidance theory served as the theoretical basis for this correlational study. The research questions were used to investigate the relationship between technology threat avoidance by senior leaders and the ways avoidance affects an organization's level of technological innovation. Data were collected from 90 respondents via an anonymous online survey, developed from the innovation culture measurement and the COPE measurement, and analyzed using multiple regression and Spearman's correlation. Organizations with senior leaders who actively avoided technology threats had significantly higher innovation propensity (β = .51, p = .001). The analysis also showed that rural healthcare delivery organizations tended to have lower innovation propensity (β = -.18, p = .05). The study social change implications enable the leaders of more health care delivery organizations to actively mitigate technology threats, rather than passively avoiding them. Properly handling these threats could allow management to make more informed decisions about technology implementations and thus increase their ability to provide meaningful, innovative care and to avoid one of the leading causes of death-medical errors.
|
Page generated in 0.0703 seconds