WHAT INFLUENCES INFORMATION SECURITY BEHAVIOR? A STUDY WITH BRAZILIAN USERS

The popularization of software to mitigate Information Security threats can produce an exaggerated notion about its full effectiveness in the elimination of any threat. This situation can result reckless users behavior, increasing vulnerability. Based on behavioral theories, a theoretical model and hypotheses were developed to understand the extent to which human perception of threat, stress, control and disgruntlement can induce responsible behavior. A self-administered questionnaire was created and validated. The data were collected in Brazil, and complementary results regarding similar studies conducted in USA were found. The results show that there is influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The contributions also involve relatively new concepts in the field and a new research instrument.

[1]  Hennie A. Kruger,et al.  Can perceptual differences account for enigmatic information security behaviour in an organisation? , 2016, Comput. Secur..

[2]  Mikko T. Siponen,et al.  Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study , 2010, MIS Q..

[3]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[4]  Yajiong Xue,et al.  Avoidance of Information Technology Threats: A Theoretical Perspective , 2009, MIS Q..

[5]  Edimara Mezzomo Luciano,et al.  Preocupação com a Privacidade na Internet: Uma Pesquisa Exploratória no Cenário Brasileiro , 2015 .

[6]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[7]  E. Kevin Kelloway,et al.  Counterproductive work behavior as protest , 2010 .

[8]  P. Carayon,et al.  Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists. , 2007, Applied ergonomics.

[9]  Paul E. Spector,et al.  The dimensionality of counterproductivity: Are all counterproductive behaviors created equal? , 2006 .

[10]  V. T. Raja,et al.  Protecting the privacy and security of sensitive customer data in the cloud , 2012, Comput. Law Secur. Rev..

[11]  Jan H. P. Eloff,et al.  A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[12]  Lara Khansa,et al.  How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management , 2009, Computers & security.

[13]  Rodrigo Roratto,et al.  Security information in production and operations: a study on audit trails in database systems , 2014 .

[14]  Steven Furnell,et al.  Information security policy compliance model in organizations , 2016, Comput. Secur..

[15]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[16]  Ainin Sulaiman,et al.  Information security landscape and maturity level: Case study of Malaysian Public Service (MPS) organizations , 2009, Gov. Inf. Q..

[17]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[18]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[19]  Ernani Marques dos Santos,et al.  ADOPTION OF INFORMATION SECURITY MEASURES IN PUBLIC RESEARCH INSTITUTES , 2015 .

[20]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[21]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[22]  Rolph E. Anderson,et al.  Multivariate Data Analysis (7th ed. , 2009 .

[23]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[24]  K. Hausken,et al.  A Strategic Analysis of Information Sharing Among Cyber Attackers , 2015 .

[25]  Eirik Albrechtsen,et al.  The information security digital divide between information security managers and users , 2009, Comput. Secur..

[26]  Mikko T. Siponen,et al.  Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..

[27]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[28]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[29]  J. Hair,et al.  Essentials of Business Research , 2003 .