The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse

Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Intentional and unintentional users’ misuse of information systems (IS) resources represents 50% to 75% of cybersecurity threats. Computer Crime and Security Survey revealed that nearly 60% of security breaches occurred from inside the organization by authorized users. Computer users are deemed as one of the weakest links in the IS security chain. In this study, we examined the effect of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS) on users’ computer misuse intention (CMI) at a government agency. Our results show that the factor of users’ awareness of computer monitoring (UAC-M) and cybersecurity initiative skill (CIS) were significant contributors to CMI. UAC-M and CSE were significant contributors to cybersecurity computing skill (CCS). Users’ awareness of security policy (UAS-P) was a significant contributor to cybersecurity action skill (CAS). However, CSE had no direct influence on misuse behavior. We conclude the paper with discussion about the results along with suggestions for future research.

[1]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[2]  Anindya Ghose,et al.  The Economic Incentives for Sharing Security Information , 2004, Inf. Syst. Res..

[3]  Eirik Albrechtsen,et al.  A qualitative study of users' view on information security , 2007, Comput. Secur..

[4]  A. Bandura Recycling misconceptions of perceived self-efficacy , 1984, Cognitive Therapy and Research.

[5]  A. Taneja Determinants Of Adverse Usage Of Information Systems Assets: A Study Of Antecedents Of IS Exploit In Organizations , 2007 .

[6]  K. Fischer A theory of cognitive development: The control and construction of hierarchies of skills. , 1980 .

[7]  Yair Levy,et al.  A study of the contributions of attitude, computer security policy awareness, and computer self-efficacy to the employees' computer abuse intention in business environments , 2008 .

[8]  Yair Levy,et al.  Securing E-Learning Systems: A Case of Insider Cyber Attacks and Novice IT Management in a Small University , 2006, J. Cases Inf. Technol..

[9]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[10]  Jungwoo Lee,et al.  Measures of perceived end-user computing skills , 2003, Inf. Manag..

[11]  Rossouw von Solms,et al.  Information security obedience: a definition , 2005, Comput. Secur..

[12]  A. Hovav,et al.  Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures , 2009 .

[13]  Michael McKee,et al.  Audit Certainty, Audit Productivity, and Taxpayer Compliance , 2006, National Tax Journal.

[14]  M. Frese,et al.  Three Avenues for Future Research on Creativity, Innovation, and Initiative , 2004 .

[15]  Jintae Lee,et al.  A holistic model of computer abuse within organizations , 2002, Inf. Manag. Comput. Secur..

[16]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychology Review.

[17]  C. D. De Dreu,et al.  Self-interest and other-orientation in organizational behavior: implications for job performance, prosocial behavior, and personal initiative. , 2009, The Journal of applied psychology.

[18]  Jan H. P. Eloff,et al.  An Information Security Governance Framework , 2007, Inf. Syst. Manag..

[19]  Yacine Rezgui,et al.  Information security awareness in higher education: An exploratory study , 2008, Comput. Secur..

[20]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[21]  Kregg Aytes,et al.  Computer Security and Risky Computing Practices: A Rational Choice Perspective , 2004, J. Organ. End User Comput..

[22]  Cynthia LeRouge,et al.  Exploring the Systems Analyst Skill Set: Perceptions, Preferences, Age, and Gender , 2005, J. Comput. Inf. Syst..

[23]  Denise C. Park,et al.  EFFECTS OF AGE AND TRAINING FORMATS ON BASIC COMPUTER SKILL ACQUISITION IN OLDER ADULTS , 1998 .

[24]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[25]  Thomas W. Mangione,et al.  Mail Surveys: Improving the Quality , 1995 .

[26]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[27]  Qing Hu,et al.  User behaviour towards protective information technologies: the role of national cultural differences , 2009, Inf. Syst. J..

[28]  Frederick J. Gravetter,et al.  Essentials of Statistics for the Behavioral Sciences , 1991 .

[29]  Blake Ives,et al.  Web-based Virtual Learning Environments: a Research Framework and a Preliminary Assessment of Effectiveness in Basic It Skills Training Author(s): Piccoli Et Al./web-based Virtual Learning Environments Web-based Virtual Learning Environments: a Research Framework and a Preliminary Assessment of Effe , 2022 .

[30]  Budi Arief,et al.  Computer security impaired by legitimate users , 2004, Comput. Secur..

[31]  Cynthia E. Irvine,et al.  A video game for cyber security training and awareness , 2007, Comput. Secur..

[32]  Claudio Barbaranelli,et al.  Role of affective self-regulatory efficacy in diverse spheres of psychosocial functioning. , 2003, Child development.

[33]  Appa Rao Korukonda Managerial Action Skills in Business Education: Missing Link or Misplaced Emphasis? , 1992 .

[34]  Deborah Compeau,et al.  Computer Self-Efficacy: Development of a Measure and Initial Test , 1995, MIS Q..

[35]  Timothy Paul Cronan,et al.  Piracy, computer crime, and IS misuse at the university , 2006, Commun. ACM.

[36]  David M. Hansen,et al.  Adolescents' Accounts of Growth Experiences in Youth Activities , 2003 .

[37]  Yair Levy,et al.  A Case Study of Management Skills Comparison in Online and On-Campus MBA Programs , 2005, Int. J. Inf. Commun. Technol. Educ..

[38]  Howard B. Lee,et al.  Foundations of Behavioral Research , 1973 .

[39]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[40]  Hennie A. Kruger,et al.  Value-focused assessment of ICT security awareness in an academic environment , 2007, Comput. Secur..