Security concerns of system users: A study of perceptions of the adequacy of security

Abstract In the past several years, a number of researchers have raised the issue of the level of security concern among system users, suggesting that security may be undervalued in both centralized and decentralized IS departments, and among IS staff as well as end-users. Since protective measures often require significant managerial vigilance, an appropriate level of awareness and concern may be a prerequisite for adequate security protection. Given its importance, there is a need for a better understanding of what leads to security concern. This paper focuses on users' perceptions about the security of their systems. Based on previous work on individuals' attitudes and beliefs about IS and IS environments, it is hypothesized that a user's concern about security is a function of three different constructs: industry risk, company actions, and individual awareness. The study tests the main assertions of the model, using a cross-sample comparison of perceptions from two different survey instruments. The first sample used 570 randomly selected DPMA members. The second sample surveyed 357 end-users. The theoretical model does provide some explanation for level of concern among IS professionals in the mainframe and minicomputer environment. Both company actions and individual awareness were statistically significant, although the explained variance was not large. Problems with using post hoc analysis may have contributed to the partial and weak support for the model.

[1]  Dale Goodhue,et al.  Supporting users of corporate data : the effect of I/S policy choices , 1988 .

[2]  Dale Goodhue,et al.  Is Attitudes: toward Theoretical and Definition Clarity , 1986, ICIS.

[3]  E. Burton Swanson,et al.  INFORMATION CHANNEL DISPOSITION AND USE , 1987 .

[4]  L. Lanza-Kaduce,et al.  THE PROCESS OF CRIMINALIZATION: THE CASE OF COMPUTER CRIME LAWS* , 1988 .

[5]  James C. Wetherbe,et al.  Service Support Levels: An Organizational Approach to End-User Computing , 1986, MIS Q..

[6]  James C. Wetherbe,et al.  Key issues in information systems management , 1987 .

[7]  Clinton E. White,et al.  The Information Center Concept: A Normative Model and a Study of Six Installations , 1987, MIS Q..

[8]  David H. Benson A Field Study of End User Computing: Findings and Issues , 1983, MIS Q..

[9]  E. W. Martin Information Needs of Top MIS Managers , 1983, MIS Q..

[10]  Martin Herbert,et al.  1985 Opinion Survey of MIS Managers: Key Issues , 1986, MIS Q..

[11]  Michael E. Treacy,et al.  An Empirical Examination of a Causal Model of User Information Satisfaction , 1985, ICIS.

[12]  David J. Weiss,et al.  A theory of work adjustment: A revision. , 1968 .

[13]  William R. Darden,et al.  Causal Models in Marketing , 1980 .

[14]  Maryam Alavi,et al.  Managing the Risks Associated with End-User Computing , 1985, J. Manag. Inf. Syst..

[15]  Richard Harris,et al.  SMIS Members: A Membership Analysis , 1982, MIS Q..

[16]  Sammy W. Pearson,et al.  Development of a Tool for Measuring and Analyzing Computer User Satisfaction , 1983 .

[17]  Robert W. Zmud,et al.  AN EMPIRICAL INVESTIGATION OF THE DIMENSIONALITY OF THE CONCEPT OF INFORMATION , 1978 .

[18]  James C. Wetherbe,et al.  Key Issues in Information Systems - 1986 , 1987, MIS Q..

[19]  M D Buss,et al.  Common sense and computer security. , 1984, Harvard business review.

[20]  Dale Goodhue,et al.  I/S attitudes: toward theoretical and definitional clarity , 2013, DATB.

[21]  James C. Wetherbe,et al.  Key Information Systems Issues for the 1980's , 1984, MIS Q..

[22]  V. Vroom Work and motivation , 1964 .

[23]  Michelle T. Iaffaldano,et al.  Job satisfaction and job performance: A meta-analysis. , 1985 .

[24]  Detmar W. Straub,et al.  Validating Instruments in MIS Research , 1989, MIS Q..

[25]  N. Melone A theoretical assessment of the user-satisfaction construct in information systems research , 1990 .

[26]  Blake Ives,et al.  The measurement of user information satisfaction , 1983, CACM.

[27]  Houston H. Carr Information Centers: The IBM Model vs. Practice , 1987, MIS Q..