Management of Technical Security Measures: An Empirical Examination of Personality Traits and Behavioral Intentions

Organizations are investing substantial resources in technical security measures that aim at preventively protecting their information assets. The way management -- or information security executives -- deals with potential security measures varies individually and depends on personality traits and cognitive factors. Based on the Theory of Planned Behavior, we examine the relationship between the personality traits of conscientiousness, neuroticism and openness with attitudes and intentions towards managing technical security measures. The highly relevant moderating role of compliance factors is also investigated. The hypothesized relationships are analyzed and validated using empirical data from a survey of 174 information security executives. Findings suggest that conscientiousness is important in determining the attitude towards the management of technical security measures. In addition, the findings indicate that when executives are confronted with information security standards or guidelines, the personality traits of conscientiousness and openness will have a stronger effect on attitude towards managing security measures than without moderators.

[1]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[2]  Robert F. Easley,et al.  Research Note - How Does Personality Matter? Relating the Five-Factor Model to Technology Acceptance and Use , 2008, Inf. Syst. Res..

[3]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[4]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[5]  Miriam A. M. Capretz,et al.  Developing Proactive Security Dimensions for SOA , 2011 .

[6]  Rocci Luppicini,et al.  Handbook of Research on Technoself : Identity in a Technological Society Chapter on Social networking and identity , 2012 .

[7]  Gunnar Ellingsen Tightrope Walking: Standardisation Meets Local Work-Practice in a Hospital , 2004, Int. J. IT Stand. Stand. Res..

[8]  Knut Blind,et al.  Factors influencing the lifetime of telecommunication and information technology standards: results of an explorative analysis of the perinorm database , 2005, The 4th Conference on Standardization and Innovation in Information Technology, 2005..

[9]  Mikko T. Siponen,et al.  Information security management standards: Problems and solutions , 2009, Inf. Manag..

[10]  Oded Nov,et al.  Personality and Technology Acceptance: Personal Innovativeness in IT, Openness and Resistance to Change , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[11]  Wynne W. Chin Issues and Opinion on Structural Equation Modeling by , 2009 .

[12]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[13]  Thomas Wagner,et al.  Standardising the Internet of Things: : What the Experts Think , 2011, Int. J. IT Stand. Stand. Res..

[14]  Saad Haj Bakry,et al.  Using ISO 17799: 2005 information security management: a STOPE view with six sigma approach , 2007, Int. J. Netw. Manag..

[15]  I. Levin,et al.  Personality traits and risky decision-making in a controlled experimental task: An exploratory study. , 2001 .

[16]  Iris A. Junglas,et al.  A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[17]  Jan Guynes Clark,et al.  Why there aren't more information security research studies , 2004, Inf. Manag..

[18]  Detmar W. Straub,et al.  Validation Guidelines for IS Positivist Research , 2004, Commun. Assoc. Inf. Syst..

[19]  Debi Ashenden,et al.  Information Security management: A human challenge? , 2008, Inf. Secur. Tech. Rep..

[20]  Rajeev Sharma,et al.  The Contingent Effects of Management Support and Task Interdependence on Successful Information Systems Implementation , 2003, MIS Q..

[21]  P. Sheeran,et al.  Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. , 2006, Psychological bulletin.

[22]  Vincent L. Barker,et al.  CEO Characteristics and Firm R&D Spending , 2002, Manag. Sci..

[23]  T. Abad,et al.  The Project of the Ancient Spanish Cartography E-Library: Main Targets and Legal Challenges , 2010 .

[24]  Tineke M. Egyedi,et al.  The Effect of Pre-Existing Standards and Regulations on the Development and Diffusion of Radically New Innovations , 2014, Int. J. IT Stand. Stand. Res..

[25]  D. Hambrick,et al.  Upper Echelons: The Organization as a Reflection of Its Top Managers , 1984 .

[26]  Hock-Hai Teo,et al.  Decision-Maker Mindfulness in IT Adoption: The Role of Informed Culture and Individual Personality , 2009, ICIS.

[27]  Marlin C. Bates The Ur-Real Sonorous Envelope: Bridge between the Corporeal and the Online Technoself , 2013 .

[28]  R. Tett,et al.  A personality trait-based interactionist model of job performance. , 2003, The Journal of applied psychology.

[29]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[30]  Wei Wang How Personality Affects Continuance Intention: An Empirical Investigation of Instant Messaging , 2010, PACIS.

[31]  R. Rosenfeld Belief , 2012, Otolaryngology--head and neck surgery : official journal of American Academy of Otolaryngology-Head and Neck Surgery.

[32]  Javier Santos,et al.  Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness , 2006, ISC.

[33]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[34]  Geerten van de Kaa,et al.  The Challenge of Establishing a Recognized Interdisciplinary Journal: A Citation Analysis of the International Journal of IT Standards and Standardization Research , 2013, Int. J. IT Stand. Stand. Res..

[35]  Murray R. Barrick,et al.  Personality and Performance at the Beginning of the New Millennium: What Do We Know and Where Do We Go Next? , 2001 .

[36]  Kai Jakobs,et al.  Modern Trends Surrounding Information Technology Standards and Standardization within Organizations , 2014 .

[37]  Raymond R. Panko,et al.  A Composite Framework for Behavioral Compliance with Information Security Policies , 2012, HICSS.

[38]  Gaurav Bansal Security Concerns in the Nomological Network of Trust and Big 5: First Order Vs. Second Order , 2011, ICIS.

[39]  Tineke M. Egyedi,et al.  Standards for ICT - A green strategy in a grey sector , 2011, 2011 7th International Conference on Standardization and Innovation in Information Technology (SIIT).

[40]  Huseyin Cavusoglu,et al.  Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems , 2009, Inf. Syst. Res..

[41]  Panayiotis Zaphiris,et al.  Human computer interaction : concepts, methodologies, tools, and applications , 2009 .

[42]  Scott S. Fisher,et al.  Location-Based Mobile Storytelling , 2009, Int. J. Technol. Hum. Interact..

[43]  Qingxiong Ma,et al.  ISO 17799: "Best Practices" in Information Security Management? , 2005, Commun. Assoc. Inf. Syst..

[44]  Wynne W. Chin,et al.  A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic - Mail Emotion/Adoption Study , 2003, Inf. Syst. Res..

[45]  Alexander Hars,et al.  Web Based Knowledge Infrastructures for the Sciences: An Adaptive Document , 2000, Commun. Assoc. Inf. Syst..

[46]  Mehdi Khosrowpour Cases on the Human Side of Information Technology , 2006 .

[47]  Paul E. Spector,et al.  Relations of incumbent affect-related personality traits with incumbent and objective measures of characteristics of jobs , 1995 .

[48]  Hock-Hai Teo,et al.  An integrative study of information systems security effectiveness , 2003, Int. J. Inf. Manag..

[49]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[50]  Norman A. Johnson,et al.  Personality traits and concern for privacy: an empirical study in the context of location-based services , 2008, Eur. J. Inf. Syst..

[51]  Rachel Barker,et al.  IT Policy and Ethics: Concepts, Methodologies, Tools, and Applications , 2013 .

[52]  46th Hawaii International Conference on System Sciences, HICSS 2013, Wailea, HI, USA, January 7-10, 2013 , 2013, HICSS.

[53]  Jordan Shropshire,et al.  Personality and IT security: An application of the five-factor model , 2006, AMCIS.

[54]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[55]  Mehmet Gençer,et al.  The Evolution and Specialization of IETF Standards , 2015 .

[56]  Yan Li,et al.  Innovative usage of information technology in Singapore organizations: do CIO characteristics make a difference? , 2006, IEEE Transactions on Engineering Management.

[57]  Richard T. Watson,et al.  Information systems leadership , 2006, IEEE Transactions on Engineering Management.

[58]  P. Costa,et al.  Revised NEO Personality Inventory (NEO-PI-R) and NEO-Five-Factor Inventory (NEO-FFI) , 1992 .

[59]  I. Ajzen The theory of planned behavior , 1991 .

[60]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[61]  P. Costa,et al.  NEO inventories for the NEO Personality Inventory-3 (NEO-PI-3), NEO Five-Factor Inventory-3 (NEO-FFI-3), NEO Personality Inventory-Revised (NEO PI-R) : professional manual , 2010 .