Personality and IT security: An application of the five-factor model

Despite numerous advances in IT security, many computer users are still vulnerable to security-related risks because they do not comply with organizational policies and procedures. In a network setting, individual risk can extend to all networked users. Endpoint security refers to the set of organizational policies, procedures, and practices directed at securing the endpoint of the network connections – the individual end user. As such, the challenges facing IT managers in providing effective endpoint security are unique in that they often rely heavily on end user participation. But vulnerability can be minimized through modification of desktop security programs and increased vigilance on the part of the system administrator or CSO. The cost-prohibitive nature of these measures generally dictates targeting high-risk users on an individual basis. It is therefore important to differentiate between individuals who are most likely to pose a security risk and those who will likely follow most organizational policies and procedures.

[1]  Mark Attridge,et al.  Predicting relationship stability from both partners versus one. , 1995 .

[2]  A. Adam Whatever happened to information systems ethics? Caught between the devil and the deep blue sea , 2004 .

[3]  S. Srivastava,et al.  The Big Five Trait taxonomy: History, measurement, and theoretical perspectives. , 1999 .

[4]  Anol Bhattacherjee,et al.  Understanding Information Systems Continuance: An Expectation-Confirmation Model , 2001, MIS Q..

[5]  D. Funder,et al.  Profiting from controversy. Lessons from the person-situation debate. , 1988, The American psychologist.

[6]  Niels G. Waller,et al.  Is it time for clinical psychology to embrace the five-factor model of personality? , 1987 .

[7]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[8]  W. Graziano,et al.  The five-factor model, conscientiousness, and driving accident involvement. , 1996, Journal of personality.

[9]  R. E. Christal,et al.  Recurrent personality factors based on trait ratings. , 1992, Journal of personality.

[10]  Detmar W. Straub,et al.  Discovering and Disciplining Computer Abuse in Organizations: A Field Study , 1990, MIS Q..

[11]  Merrill Warkentin,et al.  Introducing the Check-Off Password System (COPS): An Advancement in User Authentication Methods and Information Security , 2004, J. Organ. End User Comput..

[12]  Robert Hogan,et al.  Fifty years of personality psychology , 1993 .

[13]  Jane M. Howell,et al.  Champions of Technological Innovation. , 1990 .

[14]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[15]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[16]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[17]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[18]  L. Wheeler,et al.  Review of personality and social psychology , 1980 .

[19]  Cara C. Bauer,et al.  The five‐factor model and safety in the workplace: Investigating the relationships between personality and accident involvement , 2001 .

[20]  L. R. Goldberg The structure of phenotypic personality traits. , 1993, The American psychologist.

[21]  Gary Klein,et al.  Wanted:project teams with a blend of is professional orientations , 2002, CACM.

[22]  Michael E. Whitman Enemy at the gate: threats to information security , 2003, CACM.

[23]  Nathan Brody,et al.  Personality in Search of Individuality , 1988 .

[24]  Peg Thoms,et al.  The relationship between self‐efficacy for participating in self‐managed work groups and the big five personality dimensions , 1996 .

[25]  John W. Lounsbury,et al.  RIM Professionals: A Distinct Personality? A study reveals that records and information management (RIM) professionals exhibit particular personality traits, which should aid those making hiring and career decisions , 2005 .

[26]  Aaron L. Pincus,et al.  Paradigms of Personality Assessment , 2003 .

[27]  J. Conley,et al.  Longitudinal stability of personality traits: a multitrait-multimethod-multioccasion analysis. , 1985, Journal of personality and social psychology.

[28]  Jane M. Howell,et al.  Champions of change: Identifying, understanding, and supporting champions of technological innovations , 1990 .

[29]  Lawrence R. James,et al.  Personality in Work Organizations , 2001 .

[30]  Filotheos Ntalianis,et al.  The Impact of Personality on Psychological Contracts , 2004 .

[31]  D. Buss,et al.  Structure of act-report data: is the five-factor model of personality recaptured? , 1989, Journal of personality and social psychology.

[32]  L. A. Pervin Handbook of Personality: Theory and Research , 1992 .

[33]  Arnold H. Buss,et al.  Personality: Evolutionary Heritage and Human Distinctiveness , 1988 .

[34]  Mikko T. Siponen,et al.  Five dimensions of information security awareness , 2001, CSOC.

[35]  E. Scott Geller,et al.  ManagementManagement People-Based Safety Exploring the role of personality in injury prevention , 2005 .

[36]  Peter A. Todd,et al.  Understanding Information Technology Usage: A Test of Competing Models , 1995, Inf. Syst. Res..

[37]  Jintae Lee,et al.  A holistic model of computer abuse within organizations , 2002, Inf. Manag. Comput. Secur..

[38]  Raymond B. Cattell,et al.  The principal trait clusters for describing personality. , 1945 .

[39]  G. Āllport,et al.  Trait-names: A psycho-lexical study. , 1936 .

[40]  D. Funder Global Traits: A Neo-Allportian Approach to Personality , 1991 .

[41]  Steven Furnell,et al.  A prototype tool for information security awareness and training , 2002 .

[42]  Cara C. Bauer,et al.  The five‐factor model and safety in the workplace: Investigating the relationships between personality and accident involvement , 2001 .

[43]  J. M. Digman PERSONALITY STRUCTURE: EMERGENCE OF THE FIVE-FACTOR MODEL , 1990 .

[44]  L. R. Goldberg THE DEVELOPMENT OF MARKERS FOR THE BIG-FIVE FACTOR STRUCTURE , 1992 .

[45]  Lawrence A. Pervin,et al.  A Critical Analysis of Current Trait Theory , 1994 .