A Study of Information System Risk Perceptions at a Local Government Organisation

This paper reports on a study that examined the perceptions of computer users in regard to the risks to their organisation’s information systems (IS). A total of 12 employees from a local government organisation were interviewed in accordance with the Repertory Grid Technique (RGT). These structured interviews elicited a total of 110 constructs which represented individual thoughts, beliefs and views pertaining to information security (InfoSec) risks. These constructs were hermeneutically allocated into 28 categories of risk perception and then analysed via Content Analysis and Principal Component Analysis (PCA) to identify perceptions of IS risks and to uncover the major situational factors that influence these perceptions. The findings indicate that the local government participants perceived that the most serious risk to their organisation’s IS was that systems would become unusable or unavailable, such that large costs would be incurred to restore services and to maintain productivity. The situational factor that had the most influence on this IS risk perception was the type of loss suffered.
