Exploring potential gender differences in information security and privacy

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Tanya McGill ◽  
Nik Thompson

Purpose Information technology users often fail to adopt necessary security and privacy measures, leading to increased risk of cybercrimes. There has been limited research on how demographic differences influence information security behaviour and understanding this could be important in identifying users who may be more likely to have poor information security behaviour. This study aims to investigate whether there are any gender differences in security and privacy behaviours and perceptions, to identify potential differences that may have implications for protecting users’ privacy and securing their devices, software and data. Design/methodology/approach This paper addresses this research gap by investigating security behaviours and perceptions in the following two studies: one focussing on information security and one on information privacy. Data was collected in both studies using anonymous online surveys. Findings This study finds significant differences between men and women in over 40% of the security and privacy behaviours considered, suggesting that overall levels of both are significantly lower for women than for men, with behaviours that require more technical skill being adopted less by female users. Furthermore, individual perceptions exhibited some gender differences. Originality/value This research suggests that potential gender differences in some security and privacy behaviours and perceptions should be taken into account when designing information security education, training and awareness initiatives for both organisations and the broader community. This study also provides a strong foundation to explore information security individual differences more deeply.

2017 ◽  
Vol 41 (1) ◽  
pp. 2-18 ◽  
Author(s):  
Inho Hwang ◽  
Daejin Kim ◽  
Taeha Kim ◽  
Sanghyun Kim

Purpose The purpose of this paper is to empirically investigate the negative causal relationships between organizational security factors (security systems, security education, and security visibility) and individual non-compliance causes (work impediment, security system anxiety, and non-compliance behaviors of peers), which have negative influences on compliance intention. Design/methodology/approach Based on literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 415 responses from employees at manufacturing and service firms that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with AMOS 18.0. Findings Survey results validate that work impediment, security system anxiety, and non-compliance peer behaviors are the causes of employee non-compliance. In addition, the authors found that security systems, security education, and security visibility decrease instances of non-compliance. Research limitations/implications Organizations should establish a mixture of security investment in their systems, education, and visibility in order to effectively reduce employees’ non-compliance. In addition, organizations should recognize the importance of minimizing the particular causes of employees’ non-compliance to positively increase intentions to comply with information security. Originality/value An important issue in information security management is employee compliance. Understanding the reasons behind employees’ non-compliance is a critical issue. This paper investigates empirically why employees do not comply, and how organizations can induce employees to comply by a mixture of investments in security systems, education, and visibility.


2018 ◽  
Vol 26 (3) ◽  
pp. 290-305 ◽  
Author(s):  
Dirk P. Snyman ◽  
Hennie Kruger ◽  
Wayne D. Kearney

Purpose The purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security. Design/methodology/approach Behavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox. Findings The behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour. Practical implications The analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics. Originality/value This research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.


Cyber Crime ◽  
2013 ◽  
pp. 1043-1057
Author(s):  
Robert W. Proctor ◽  
E. Eugene Schultz ◽  
Kim-Phuong L. Vu

Many measures that enhance information security and privacy exist. Because these measures involve humans in various ways, their effectiveness depends on the human factor. This chapter reviews basic components of information security and privacy with an emphasis on human factors issues. It provides an overview of empirical investigations that have been conducted regarding the usability of security and privacy measures. These studies show that users have difficulty interacting with complex interfaces and that users’ performance can be improved by incorporating human factors principles into the designs. The authors conclude by discussing how human factors analyses can lead to the design of usable systems for information security and privacy assurance.


2020 ◽  
Vol 38 (5/6) ◽  
pp. 979-995
Author(s):  
Shanying Zhu ◽  
Vijayalakshmi Saravanan ◽  
BalaAnand Muthu

Purpose Currently, in the health-care sector, information security and privacy are increasingly important issues. The improvement in information security is highlighted in adopting digital patient records based on regulation, providers’ consolidation, and the growing need to exchange information among patients, providers, and payers. Design/methodology/approach Big data on health care are likely to improve patient outcomes, predict epidemic outbreaks, gain valuable insights, prevent diseases, reduce health-care costs and improve analysis of the quality of life. Findings In this paper, the big data analytics-based cybersecurity framework has been proposed for security and privacy across health-care applications. It is vital to identify the limitations of existing solutions for future research to ensure a trustworthy big data environment. Furthermore, electronic health records (EHR) could potentially be shared by various users to increase the quality of health-care services. This leads to significant issues of privacy that need to be addressed to implement the EHR. Originality/value This framework combines several technical mechanisms and environmental controls and is shown to be enough to adequately pay attention to common threats to network security.


2019 ◽  
Vol 71 (5) ◽  
pp. 618-636 ◽  
Author(s):  
Shoufeng Ma ◽  
Shixin Zhang ◽  
Geng Li ◽  
Yi Wu

Purpose Based on the literature on information security (InfoSec) education and uses and gratifications theory, the purpose of this paper is to propose and test a research model to examine the impact of InfoSec education on social media usage. Design/methodology/approach The authors employed structural equation modeling to test the research model, with a survey data set of 293 valid subjects from a WeChat subscription about InfoSec education named secrecy view. Findings The results reveal the significant impacts of perceived content quality, perceived social influence and perceived entertainment on user satisfaction in the context of security education and social media. User satisfaction is significantly associated with user stickiness and security knowledge improvement. Additionally, the authors found that user’s security awareness moderated the effect of perceived entertainment on user satisfaction. Research limitations/implications Using a single sample might constrain the contributions of this study. Practical implications The authors suggest practical guidelines for InfoSec education on social media by enhancing perceived content quality. Moreover, due to diverse user attributes, the social media operators should recommend targeted content to different users. Originality/value This study contributes to studies on InfoSec education of social media usage and identifies factors that affect user satisfaction with social media. Furthermore, the study enriches the security education practices by uncovering differences in security awareness with regard to user satisfaction.


2018 ◽  
Vol 26 (5) ◽  
pp. 533-550 ◽  
Author(s):  
Teodor Sommestad

Purpose It is widely acknowledged that norms and culture influence decisions related to information security. The purpose of this paper is to investigate how work-related groups influence information security policy compliance intentions and to what extent this influence is captured by the Theory of Planned Behavior, an established model over individual decision-making. Design/methodology/approach A multilevel model is used to test the influence of work-related groups using a cluster sample of responses from 2,291 employees from 203 worksites, 119 organizations, 6 industries and 38 professions. Findings The results suggest that work-related groups influence individuals’ decision-making in the manner in which contemporary theories of information security culture posit. However, the influence is weak to modest and overshadowed by individual perceptions that are straightforward to measure. Research limitations/implications This paper is limited to one national culture and four types of work-related groups. However, the results suggest that the Theory of Planned Behavior captures most of the influence that work-related groups have on decision-making. Future research on security culture and similar phenomena should take this into account. Practical implications Information security perceptions in work-related groups are diverse and information security decisions appear to be based on individual perceptions and priorities rather than groupthink or peer-pressure. Security management interventions may be more effective if they target individuals rather than groups. Originality/value This paper tests some of the basic ideas related to information security culture and its influence on individuals’ decision-making.



2017 ◽  
Vol 25 (4) ◽  
pp. 475-492 ◽  
Author(s):  
Abubakar Garba Bello ◽  
David Murray ◽  
Jocelyn Armarego

Purpose This paper’s purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees’ productivity and be cost cutting for organisations, there are also many information security and privacy issues, with some widely recognised, and others less understood. This paper focuses on BYOD adoption, and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments. Design/methodology/approach This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments. Findings This paper identifies and understands BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD. Research limitations/implications The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices. Originality/value This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.


Author(s):  
Deborah L. Benzil ◽  
Mehran Saboori ◽  
Alon Y. Mogilner ◽  
Ronald Rocchio ◽  
Chitti R. Moorthy

Object. The extension of stereotactic radiosurgery treatment of tumors of the spine has the potential to benefit many patients. As in the early days of cranial stereotactic radiosurgery, however, dose-related efficacy and toxicity are not well understood. The authors report their initial experience with stereotactic radiosurgery of the spine with attention to dose, efficacy, and toxicity. Methods. All patients who underwent stereotactic radiosurgery of the spine and were treated using the Novalis unit at Westchester Medical Center between December 2001 and January 2004 are included in a database consisting of demographics on disease, dose, outcome, and complications. A total of 31 patients (12 men, 19 women; mean age 61 years, median age 63 years) received treatment for 35 tumors. Tumor types included 26 metastases (12 lung, nine breast, five other) and nine primary tumors (four intradural, five extradural). Thoracic tumors were most common (17 metastases and four primary) followed by lumbar tumors (four metastases and four primary). Lesions were treated to the 85 to 90% isodose line with spinal cord doses being less than 50%. The dose per fraction and total dose were selected on the basis of previous treatment (particularly radiation exposure), size of lesion, and proximity to critical structures. Conclusions. Rapid and significant pain relief was achieved after stereotactic radiosurgery in 32 of 34 treated tumors. In patients treated for metastases, pain was relieved within 72 hours and remained reduced 3 months later. Pain relief was achieved with a single dose as low as 500 cGy. Spinal cord isodoses were less than 50% in all patients except those with intradural tumors (mean single dose to spinal cord 268 cGy and mean total dose to spinal cord 689 cGy). Two patients experienced transient radiculitis (both with a biological equivalent dose (BED) > 60 Gy). One patient who suffered multiple recurrences of a conus ependymoma had permanent neurological deterioration after initial improvement. Pathological evaluation of this lesion at surgery revealed radiation necrosis with some residual/recurrent tumor. No patient experienced other organ toxicity. Stereotactic radiosurgery of the spine is safe at the doses used and provides effective pain relief. In this study, BEDs greater than 60 Gy were associated with an increased risk of radiculitis.

