External Contextual Factors in Information Security Behaviour

Human behaviour is often considered to be irrational, difficult to understand, and challenging to manage. This phenomenon has a direct impact on the way in which humans behave when confronted with information security which, in turn, complicates how security is to be managed. This research attempts to investigate the role that contextual factors play in how humans behave, specifically with regards to information security. Contextual factors are identified that influence human behaviour in general. These factors are conceptualised in relation to existing models of behaviour and subsequently mapped to information security behaviour. A practical research exercise, relating to information security behaviour, is conducted with a university residence as the contextual environment. The specific contextual factors, and how they relate to information security, are discussed. Information security behavioural threshold analysis is employed to evaluate the impact of the identified contextual factors on the residence’s security behaviour. The results are reflected upon, based on the results from the threshold analysis. The paper concludes by highlighting the contributions that were made towards understanding contextual factors in information security.

[1]  Michael Zimmer,et al.  A contextual approach to information privacy research , 2019, J. Assoc. Inf. Sci. Technol..

[2]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[3]  Mark S. Granovetter Threshold Models of Collective Behavior , 1978, American Journal of Sociology.

[4]  Hennie A. Kruger,et al.  Behavioural threshold analysis: methodological and practical considerations for applications in information security , 2019, Behav. Inf. Technol..

[5]  Lydia L. Gan,et al.  An empirical study of software piracy among tertiary institutions in Singapore , 2006, Inf. Manag..

[6]  Paul Michael Di Gangi,et al.  It Takes a Village: Understanding the Collective Security Efficacy of Employee Groups , 2019, J. Assoc. Inf. Syst..

[7]  Hennie A. Kruger,et al.  I shall, we shall, and all others will: paradoxical information security behaviour , 2018, Inf. Comput. Secur..

[8]  Pieter H. Hartel,et al.  Putting the privacy paradox to the test: Online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources , 2019, Telematics Informatics.

[9]  V. Klerk,et al.  Patterns of alcohol use on a South African university campus: the findings of two annual drinking surveys , 2009 .

[10]  Christine Miller,et al.  Balancing Security and Privacy in the Digital Workplace , 2007 .

[11]  Jordan Shropshire,et al.  Personality, attitudes, and intentions: Predicting initial adoption of information security behavior , 2015, Comput. Secur..

[12]  Valentina Kirova,et al.  Smartphone use during the leisure theme park visit experience: The role of contextual factors , 2019, Inf. Manag..

[13]  Roy Fenoff,et al.  Correlates of participation in e-book piracy on campus , 2019, The Journal of Academic Librarianship.

[14]  R. Belk Situational Variables and Consumer Behavior , 1975 .

[15]  Malcolm Robert Pattinson,et al.  The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies , 2017, Comput. Secur..

[16]  V. Klerk Initiation, Hazing or Orientation? A case study at a South African University , 2013 .

[17]  Hennie A. Kruger,et al.  The application of behavioural thresholds to analyse collective behaviour in information security , 2017, Inf. Comput. Secur..

[18]  Andreas Eckhardt,et al.  The attitude cube - A three-dimensional model of situational factors in IS adoption and their impact on the attitude-behavior relationship , 2015, Inf. Manag..