Examining End-user Perceptions of Information Risks: An Application for the Repertory Grid Technique

This paper proposes a research method that investigates the risk perceptions of computer endusers relating to organisational Information Security (InfoSec) and the situational factors that influence these perceptions. This method uses the Repertory Grid Technique (RGT) within recorded semi-structured interviews to elicit computer end-user perceptions, thoughts, beliefs and views pertaining to information security risks and threats. The suitability and appropriateness of using the RGT for this task is also discussed.

[1]  Richard A. Lippa,et al.  Introduction to Social Psychology , 1990 .

[2]  Dorothy E. Denning,et al.  Information Warfare And Security , 1998 .

[3]  M Bouyer,et al.  Personality Correlates of Risk Perception , 2001, Risk analysis : an official publication of the Society for Risk Analysis.

[4]  I. Ajzen,et al.  Attitudinal and normative variables as predictors of specific behavior. , 1973 .

[5]  Neil Hair,et al.  Using qualitative repertory grid techniques to explore perceptions of business-to-business online customer experience , 2009 .

[6]  Mikko T. Siponen,et al.  A Critical Assessment of IS Security Research between 1990-2004 , 2007, ECIS.

[7]  Felix B. Tan,et al.  Exploring Business-IT Alignment Using the Repertory Grid , 1999 .

[8]  I. Ajzen The theory of planned behavior , 1991 .

[9]  Felix B. Tan,et al.  The Repertory Grid Technique: A Method for the Study of Cognition in Information Systems , 2002, MIS Q..

[10]  P. Reason,et al.  Human inquiry : a sourcebook of new paradigm research , 1983 .

[11]  Izak Benbasat,et al.  AMCIS 2002 Panels and Workshops I: Human-Computer Interaction Research in the MIS Discipline , 2002, Commun. Assoc. Inf. Syst..

[12]  B. Fischhoff,et al.  How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits , 1978 .

[13]  Sjoberg Factors in risk perception , 2000, Risk analysis : an official publication of the Society for Risk Analysis.

[14]  A. Stewart,et al.  Business applications of repertory grid , 1981 .

[15]  Stephen L. Brown,et al.  Relationships between risk-taking behaviour and subsequent risk perceptions. , 2005, British journal of psychology.

[16]  James D. Hollan,et al.  Strategic directions in human-computer interaction , 1996, CSUR.

[17]  Malcolm Robert Pattinson,et al.  End-user Risk-taking Behaviour: an application of the IMB model , 2007 .

[18]  Gary M Olson,et al.  Human-computer interaction: psychological aspects of the human use of computing. , 2003, Annual review of psychology.

[19]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[20]  B. Fischhoff,et al.  Facts and Fears: Understanding Perceived Risk , 2005 .

[21]  Jurij F. Tasic,et al.  Information systems security and human behaviour , 2007, Behav. Inf. Technol..

[22]  G. Kelly The Psychology of Personal Constructs , 2020 .

[23]  P Armsby,et al.  Methods for assessing drivers' perception of specific hazards on the road. , 1989, Accident; analysis and prevention.

[24]  John Leach,et al.  Improving user security behaviour , 2003, Comput. Secur..

[25]  Malcolm Robert Pattinson,et al.  How well are information risks being communicated to your computer end-users? , 2007, Inf. Manag. Comput. Secur..

[26]  Clinton M. Jenkin Risk Perception and Terrorism: Applying the Psychometric Paradigm , 2006 .

[27]  Herbert J. Mattord,et al.  Management of Information Security, 3rd Edition , 2010 .

[28]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[29]  Jeanne Bertolli,et al.  HIV-related risk behaviors, perceptions of risk, HIV testing, and exposure to prevention messages and methods among urban American Indians and Alaska Natives. , 2006, AIDS education and prevention : official publication of the International Society for AIDS Education.

[30]  M. J. Quadrel,et al.  Risk perception and communication , 2008 .

[31]  A. Bytheway,et al.  Factors affecting information systems’ success , 1996 .

[32]  Paul Benjamin Lowry,et al.  An Overview and Tutorial of the Repertory Grid Technique in Information Systems Research , 2008, Commun. Assoc. Inf. Syst..