Personality, attitudes, and intentions: Predicting initial adoption of information security behavior

Shropshire, Jordan; Warkentin, Merrill; Sharma, Shwadhin

doi:10.1016/j.cose.2015.01.002

Cited by 218 publications

(188 citation statements)

References 86 publications

Supporting

Mentioning

161

Contrasting

Unclassified

Order By: Relevance

“…Intention plays an important role in terms of complying with OISPs [32]. In another study, Shropshire, Warkentin [33] used intention to show the adoption of information security behaviour in organisations. Park, Gu [34] showed that intention changes the employees' behaviour toward sharing their knowledge in firms.…”

Section: Isc Intentionmentioning

confidence: 99%

See 1 more Smart Citation

Information security collaboration formation in organisations

Safa

Maple

Watson

et al. 2018

IET Information Security

View full text Add to dashboard Cite

Collaboration between employees in the domain of information security efficiently mitigates the effect of information security attacks on organisations. Collaboration means working together to do or to fulfil a shared goal, the target of which in this paper is the protection of the information assets in organisations. Information Security Collaboration (ISC) aims to aggregate the employees' contribution against information security threats. This study clarifies how ISC is to be developed and how it helps to reduce the effect of attacks. The socialisation of collaboration in the domain of information security applies two essential theories: Social Bond Theory (SBT) and the Theory of Planned Behaviour (TPB). The results of the data analysis revealed that personal norms, involvement, and commitment significantly influence the employees' attitude towards ISC intention. However, contrary to our expectation, attachment does not influence the attitude of employees towards ISC. In addition, attitudes towards ISC, perceived behavioural control, and personal norms significantly affect the intention towards ISC. The findings also show that the intention for ISC and organisational support positively influence ISC, but that trust does not significantly affect ISC behaviour.

show abstract

Section: Isc Intentionmentioning

confidence: 99%

“…The extent to which a company appreciates and values its staffs' effort and considers their well-being manifests its support towards its employees [33]. A well-designed team with good people can perform poorly if an organisation does not provide appropriate support and the necessary resources.…”

Section: Organisational Supportmentioning

confidence: 99%

Information security collaboration formation in organisations

Safa

Maple

Watson

et al. 2018

IET Information Security

View full text Add to dashboard Cite

show abstract

“…There are a number of individual factors that influence whether people take risk messages seriously or not, including personality, for example [32], so this is difficult to accommodate in design.…”

Section: A Risk Perceptionmentioning

confidence: 99%

Cybersecurity and the Unbearability of Uncertainty

Renaud

Weir

2016

2016 Cybersecurity and Cyberforensics Conference (CCC)

View full text Add to dashboard Cite

Abstract-Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks.Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not.The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.

show abstract

“…Albrechtsen and Hovden (2007) claim that traditionally, the field of information security has been preoccupied by the first three stages. However, during the last decade it entered the fourth stage by an increased attention to individual awareness and behavior (Stanton et al, 2005;Möller et al, 2011;Shropshire et al, 2015) as well as the concept of information security culture (Ruighaver et al, 2007;van Niekerk and von Solms, 2010;da Veiga, 2015). In order for information security to reach the fifth step, we claim that there is a need to investigate adaptive management strategies.…”

Section: Introductionmentioning

confidence: 99%

Examining the suitability of industrial safety management approaches for information security incident management

Line

Albrechtsen

2016

Information &Amp; Computer Security

View full text Add to dashboard Cite

Purpose This paper discusses whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management.Design/methodology/approach Literature review. FindingsPrinciples, research, and experiences on the issues of plans, training, and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications (if applicable)There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks, and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications (if applicable)This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/valueThe main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.

show abstract

Personality, attitudes, and intentions: Predicting initial adoption of information security behavior

Cited by 218 publications

References 86 publications

Information security collaboration formation in organisations

Information security collaboration formation in organisations

Cybersecurity and the Unbearability of Uncertainty

Examining the suitability of industrial safety management approaches for information security incident management

Contact Info

Product

Resources

About