Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS)

The Security Behavior Intentions Scale (SeBIS) measures the computer security attitudes of end-users. Because intentions are a prerequisite for planned behavior, the scale could therefore be useful for predicting users' computer security behaviors. We performed three experiments to identify correlations between each of SeBIS's four sub-scales and relevant computer security behaviors. We found that testing high on the awareness sub-scale correlated with correctly identifying a phishing website; testing high on the passwords sub-scale correlated with creating passwords that could not be quickly cracked; testing high on the updating sub-scale correlated with applying software updates; and testing high on the securement sub-scale correlated with smartphone lock screen usage (e.g., PINs). Our results indicate that SeBIS predicts certain computer security behaviors and that it is a reliable and valid tool that should be used in future research.

[1]  Chunming Qiao,et al.  PhoneLab: A Large Programmable Smartphone Testbed , 2013, SENSEMINE@SenSys.

[2]  Adam N. Joinson,et al.  Development of measures of online privacy concern and protection for use on the Internet , 2007, J. Assoc. Inf. Sci. Technol..

[3]  A. Tenbrunsel,et al.  Organizational Behavior and Human Decision Processes , 2013 .

[4]  Serge Egelman,et al.  Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) , 2015, CHI.

[5]  I. Ajzen The theory of planned behavior , 1991 .

[6]  Sören Preibusch,et al.  Guide to measuring privacy concern: Review of survey and observational instruments , 2013, Int. J. Hum. Comput. Stud..

[7]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[8]  Blase Ur,et al.  Measuring Real-World Accuracies and Biases in Modeling Password Guessability , 2015, USENIX Security Symposium.

[9]  A.,et al.  Cognitive Engineering , 2008, Encyclopedia of GIS.

[10]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[11]  A. Acquisti,et al.  Reputation as a sufficient condition for data quality on Amazon Mechanical Turk , 2013, Behavior Research Methods.

[12]  Naresh K. Malhotra,et al.  Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model , 2004, Inf. Syst. Res..

[13]  Lorrie Faith Cranor,et al.  Timing is everything?: the effects of timing and placement of online privacy indicators , 2009, CHI.