A qualitative study of users' view on information security

Computers and Security

Volumn 26, Issue 4, 2007, Pages 276-289

  Albrechtsen, Eirik ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Awareness; Behaviour; Information security; Information security management; Participation; Qualitative research; Users

Indexed keywords

INFORMATION TECHNOLOGY; SOCIETIES AND INSTITUTIONS; USER INTERFACES;

QUALITATIVE RESEARCH; QUALITATIVE STUDY; SECURITY AWARENESS;

SECURITY OF DATA;

EID: 34249871944     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2006.11.004     Document Type: Article

References (43)

1. Aarø L.A., and Rise J. Den menneskelige faktor. Norwegian [The human factor] (1996), Skadeforebyggende forum, Bergen, Norway
2. Adams A., and Sasse M.A. Users are not the enemy. Communications of the ACM 42 12 (1999) 41-46
3. Adler P.S., and Winograd T. The usability challenge. In: Adler P.S., and Winograd T.A. (Eds). Usability - turning technologies into tools (1992), Oxford University Press, New York
4. Albrechtsen E., and Grøtan T.O. Gammeldags tenkning i moderne organisasjoner? Om IKT-sikkerhet i kunnskapsorganisasjoner. Norwegian [old-fashioned thinking in modern organisations? On ICT-security in knowledge organisations]. In: Lydersen S. (Ed). Fra flis i fingeren til ragnarokk (2004), Tapir Akademisk Forlag, Trondheim, Norway 319-335
5. Argyris C., and Schön D. Organizational learning II (1996), Addison Wesley, New York
6. Beck U. Risk society: towards a new modernity (1992), SAGE, London
7. Besnard D., and Arief B. Computer security impaired by legitimate users. Computers and Security 23 3 (2004) 253-264
8. Braverman H. Labor and Monopoly Capital (1974), Monthly Review Press, New York
9. Brunsson N. The organization of hypocrisy. Talk, decisions and actions in organizations. 2nd ed. (2002), Abstrakt forlag, Oslo, Norway
10. Dhillon G., and Backhouse J. Information system security management in the new millennium. Communications of the ACM 43 7 (2000) 125-128
11. Dhillon G., and Backhouse J. Current directions in IS security research: towards socio-organizational perspectives. Information Systems Journal 11 2 (2001) 127-153
12. Douglas M., and Wildavsky A. Risk and culture. An essay on the selection of technological and environmental dangers (1982), University of California Press, Berkeley
13. Ehn P. Scandinavian design: on participation and skill. In: Adler P.S., and Winograd T.A. (Eds). Usability - turning technologies into tools (1992), Oxford University Press, New York
14. Fischoff B., Slovic P., Lichtenstein S., Read S., and Combs B. How safe is safe enough?. In: Slovic P. (Ed). A psychometric study of attitudes toward technological risk and benefits. The perception of risk (2000), Earthscan Publications Ltd, London
15. Fischoff B., Slovic P., and Lichtenstein S. Weighing the risks: which risks are acceptable?. In: Slovic P. (Ed). The perception of risk (2000), Earthscan Publications Ltd, London
16. Hovden J. Ethics and safety: "mortal" questions for safety management. Paper at the conference Safety in Action. Melbourne; 1998.
17. ISF. The standard of good practise for information security. Version 4.1. Information security forum; 2005.
18. Iversen H., Rundmo T., and Klempe H. Risk attitudes and behaviour among Norwegian adolescents. European Psychologist 10 1 (2005) 25-38
19. Jaeger C.C., Renn O., Rosa E.A., and Webler T. Risk, uncertainty and rational action (2001), Earthscan Publications Ltd, London
20. Klinke A., and Renn O. A new approach to risk evaluation and management: risk-based, precaution-based, and discourse-based strategies. Risk Analysis 22 6 (2002) 1071-1094
21. Kuttschreuter M., and Gutteling J.M. Experience-based processing of risk information: the case of the millennium bug. Journal of Risk Research 7 1 (2004) 3-16
22. Kvale S. Interviews. An introduction to qualitative research interviewing (1996), Sage, Thousand Oaks, CA
23. Leiulfsrud H., and Hvinden B. Analyse av kvalitative data: Fikserbilde eller puslespill? Norwegian [Qualitative data analysis: puzzle picture or jigsaw puzzle?]. In: Holter H., and Kalleberg R. (Eds). Kvalitative metoder i samfunnsvitenskapene (1996), Universitetsforlaget, Oslo, Norway
24. Levin M., and Klev R. Forandring som praksis. Læring og utvikling i organisasjoner. Norwegian [Change as practise. Learning and development in organisations] (2002), Fagbokforlaget, Bergen, Norway
25. Lund J., and Aarø L.A. Accident prevention. Presentation of a model placing emphasis on human, structural and cultural factors. Safety Science 42 4 (2004) 271-324
26. Lysgaard S. Arbeiderkollektivet. Norwegian [The workers' collective] (1961), Universitetsforlaget, Oslo, Norway
27. March J., and Simon H.A. Organizations (1958), John Wiley, New York
28. Miles M.B., and Huberman A.M. Qualitative data analysis (1994), Sage Publications, Thousand Oaks, CA
29. OECD. OECD guidelines for the security of information systems and networks: towards a culture of security; 2002.
30. Rasmussen J. Human errors. A taxonomy for describing human malfunction in industrial installations. Journal of Occupational Accidents 4 (1982) 311-333
31. Rasmussen J. Risk management in a dynamic society: a modeling problem. Safety Science 27 2/3 (1997) 183-213
32. Renn O. Premises of risk communication: Results of two participatory experiments. In: Kasperson R.E., and Stallen P.J. (Eds). Communicating risk to the public: International perspectives (1991), Kluwer Academic, Amsterdam 457-481
33. Rosness R., Om jeg hamrer eller hamres, like fullt så skal der jamres. Målkonflikter og sikkerhet. In: Norwegian [Goal conflicts and safety]; 2001 [SINTEF report no. STF38 A01408M].
34. Schneier B. Secrets & lies. Digital security in a networked world (2000), John Wiley, New York
35. Schultz E. Security training and awareness - fitting a square peg in a round hole. Computers and Security 23 1 (2004) 1-2
36. Schultz E. The human factor in security. Computers and security 24 6 (2005) 425-426
37. Shrader-Frechette K.S. Risk and rationality (1991), University of California Press, Oxford
38. Slovic P. The perception of risk (2000), Earthscan Publications Ltd, London
39. Stanton N., and Glendon I. Risk homeostasis and risk assessment. Safety Science 22 1-3 (1996) 1-13
40. Stanton J.M., Stam K.R., Mastrangelo P., and Jolton J. Analysis of end user security behaviours. Computers and Security 24 2 (2005) 124-133
41. Strauss A., and Corbin J. Basics of qualitative research (1998), SAGE Publications, Thousand Oaks, CA
42. Thagaard T. Systematikk og innlevelse. En innføring i kvalitativ metode. Norwegian [Introduction to qualitative methods] (2002), Fagbokforlaget, Bergen, Norway
43. Wilde G.J.S. The theory of risk homeostasis: implications for safety and health. Risk Analysis 2 4 (1982) 209-225