Self-efficacy in information security: Its influence on end users' information security practice behavior

Computers and Security

Volumn 28, Issue 8, 2009, Pages 816-826

  Rhee, Hyeun Suk ^a   Kim, Cheongtag ^b   Ryu, Young U ^c  

^a Asian and Pacific Training Centre for Information and Communication Technology for Development (UN A   (United States)

^b Seoul National University   (South Korea)

^c UNIVERSITY OF TEXAS AT DALLAS   (United States)

Author keywords

Information security; Information security practices; Self efficacy; Social cognitive theory; User behavior

Indexed keywords

INFORMATION SECURITY; INFORMATION SECURITY PRACTICE; SELF EFFICACY; SOCIAL COGNITIVE THEORY; USER BEHAVIORS;

BEHAVIORAL RESEARCH; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 71949094501     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2009.05.008     Document Type: Article

References (68)

1. Agarwal R., Sambamurthy V., and Stair R.M. Research report: the evolving relationship between general and specific computer self-efficacy-an empirical assessment. Information Systems Research 11 4 (2000) 418-430
2. Albrechtsen E. A qualitative study of users' view on information security. Computers & Security 26 (2007) 276-289
3. Ajzen I. The theory of planned behavior. Organizational Behavior and Human Decision Processes 50 2 (1991) 179-211
4. Angel I. Computer security in these uncertain times: the need for a new approach. Proceedings of the 10th international conferences on computer security, audit and control (CompSec), London, October (1993)
5. AOL/NCSA. Online safety study. White paper (2005), AOL/NCSA (American Online and National Cyber Security Alliance)
6. Bandura A. Social foundations of thoughts and action: a social cognitive theory (1986), Prentice Hall, Englewood Cliffs, NJ
7. Bandura A. Self-efficacy-the exercise of control (1997), W.H. Freeman and Company, New York
8. Bandura A., and Jourden F.J. Self-regulatory mechanisms governing the impact of social comparison on complex decision making. Journal of Personality and Social Psychology 60 6 (1991) 941-951
9. BERR. 2008 Information security breaches survey. Technical Report (2008), British Department of Business Enterprise & Regulatory Reform
10. Bishop M., Cheung S., Frank J., and Hoagland S. The threat from the net. IEEE Spectrum 34 8 (1997) 56-63
11. Chin W. The partial least squares approach for structural equation modeling. In: Marcoulides G.A. (Ed). Modern methods for business research (1998), Lawrence Erlbaum Associates, Hillsdale, N.J
12. Chin W. Partial least squares for researchers: an overview and presentation of recent advances using the PLS approach. Proceedings of the 21st international conference on information systems, Brisbane, Queensland, Australia (2000). http://disc-nt.cba.uh.edu/chin/icis2000plstalk.pdf
13. Collette R., and Gentile M. The security architect: bridging the gap between business, technology and security. The Information Systems Security Association Journal (April 2006) 42-44
14. Compeau D.R., and Higgins C.A. Computer self-efficacy: development of a measure and initial test. MIS Quarterly 19 2 (1995) 189-211
15. Compeau D., Gravill J., Haggerty N., and Kelley H. Computer self-efficacy: a review. In: Zhang P., and Galletta D. (Eds). Human computer interaction and management information systems: foundations. Advances in information systems series vol. 4 (2006), M.E. Sharpe, NJ [edited by V. Zwass]
16. Davis F.D., Bagozzi R.P., and Warshaw P.R. User acceptance of computer technology: a comparison of two theoretical models. Management Science 35 8 (1989) 982-1003
17. Dhillon G., and Backhouse J. Information system security management in the new millennium. Communications of the ACM 43 7 (2000) 125-128
18. Eastin M.S., and LaRose R. Internet self-efficacy and the psychology of the digital divide. Journal of Computer Mediated Communications 6 1 (2000)
19. Ellen P.S., Bearden W.O., and Sharma S. Resistance to technological innovations: an examination of the role of self-efficacy and performance satisfaction. Journal of the Academy of Marketing Science 19 4 (1991) 297-307
20. Ernst, and Young. Moving beyond compliance: Ernst & Young's 2008 global information security survey. White Paper (2008), Ernst & Young
21. Gecas V. The social psychology of self-efficacy. Annual Review of Sociology 15 (1989) 291-316
22. Gist M.E. Self-efficacy: implications for organizational behavior and human resource management. Academy of Management Review 12 3 (1987) 472-485
23. Gist M.E. Self-efficacy: a theoretical analysis of its determinants and malleability. Academy of Management Review 17 2 (1992) 183-211
24. Gist M.E., Schwoerer C.E., and Rosen B. Effects of alternative training methods on self-efficacy and performance in computer software training. Journal of Applied Psychology 74 6 (1989) 884-891
25. Gurin P., and Brim Jr. O.G. Change in self in adulthood: the example of sense of control. In: Baltes P.B., and Brim O.G. (Eds). Life span development and behavior vol. 6 (1984), Academic Press, New York 28-334
26. Hair Jr. J.F., Anderson R.E., Tatham R.L., and Black W.C. Multivariate data analysis. 5th ed. (1998), Prentice-Hall, Upper Saddle River, NJ
27. Harrison A.W., and Rainer Jr. R.K. The influence of individual differences on skill in end-user computing. Journal of Management Information Systems 9 1 (1992) 92-111
28. Henry J.W., and Stone R.W. A structural equation model of end-user satisfaction with a computer-based medical information system. Information Resources Management Journal 7 3 (1994) 21-33
29. Hsu M.H., and Chiu C.M. Internet self-efficacy and electronic service acceptance. Decision Support Systems 38 (2004) 369-381
30. Hughes C.T., and Gibson M.L. Students as surrogates for managers in a decision-making environment: an experimental study. Journal of Management Information Systems 8 2 (1991) 153-166
31. Hunton J.E., and Beeler J.D. Effects of the user participation in systems development by end users: a longitudinal field experiment. MIS Quarterly 21 4 (1997) 359-388
32. Igbaria M., and Iivari J. The effects of self-efficacy on computer usage. OMEGA International Journal of Management Sciences 23 6 (1995) 587-605
33. Kuhn D.R., Tracy M.C., and Frankel S.E. Security for telecommunicating and broadband communications (2002), National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce Special Report, p. 800-46
34. Kuo F.Y., and Hsu M.H. Development and validation of ethical computer self-efficacy measures: the case of soft lifting. Journal of Business Ethics 32 4 (2001) 299-315
35. Lee Y., and Kozar A. Investigating factors affecting adoption of anti-spyware systems. Communications of the ACM 48 8 (2005) 72-77
36. Loch K.D., and Conger S. Evaluating ethical decision making and computer use. Communication of the ACM 39 7 (1996) 74-83
37. Lohmoller J.B. LVPLS 1.8: latent variables path analysis with partial least squares estimations. Program Manual (1986), University of the Federal Armed Forces, Munich, Germany
38. Longo D.A., Lent R.W., and Brown S.D. Social cognitive variables in the prediction of client motivation and attribution. Journal of Counseling Psychology 39 4 (1992) 447-452
39. Mackenzie K. Employees may be opening the door to criminals (May 30, 2006), Financial Times Limited, London, England. http://www.ft.com/cms/s/458807fe-efec-11da-b80e-0000779e2340.html
40. Marakas G.M., Yi M.Y., and Johnson R.D. The multilevel and multifaceted characteristics of computer self-efficacy. Information Systems Research 9 2 (1998) 126-163
41. Microsoft. Security at home, web document, Microsoft (2006). http://www.microsoft.com/athome/security/default.mspx
42. Moore M.M. Pillars of your community, CSO online (2003). http://www.csoonline.com/read/010903/pillars.html
43. NCSA. How safe are you? Interactive web document (2004), National Cyber Security Alliance. http://www.staysafeonline.info/home-quiz.html
44. Ozer E.M., and Bandura A. Mechanisms governing empowerment effects: a self-efficacy analysis. Journal of Personality and Social Psychology 58 3 (1990) 472-486
45. Potosky D. A field study of computer self-efficacy beliefs as an outcome of training: the role of computer playfulness, computer knowledge, and performance during training. Computers in Human Behavior 18 3 (2002) 241-255
46. Power R. 2008 CSI computer crime & security survey. Technical Report (2008), Computer Security Institute
47. Rezgui Y., and Marks A. Information security awareness in higher education: an exploratory study. Computers & Security 27 (2008) 241-253
48. Rogers L.R. The goal of computer security or what's yours until you say otherwise!. Web document (2004), CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University. http://www.cert.org/homeusers/goalof_computersecurity.html
49. Skinner E.A. Perceived control, motivation, and coping (1995), Sage, Thousand Oaks, CA
50. Smith M. Computer security-threats, vulnerabilities, and countermeasures. Information Age 11 4 (1989) 205-210
51. Spruit MEM. Computing against human failing. 15th IFIP World Computer Congress, SEC, TC11, Vienna; 1995.
52. Stajkovic F.L., and Luthans B.C. Social cognitive theory and self-efficacy: going beyond traditional motivational and behavioral approaches. Organizational Dynamics 26 4 (1998) 62-74
53. Staples D.S., Hulland J.S., and Higgins C.A. A self-efficacy theory explanation for the management of remote workers in virtual organizations. Organization Science 10 6 (1999) 758-776
54. Stanton J.M., Stam K.R., Mastrangelo P., and Jolton J. Analysis of end user security behavior. Computers & Security 24 (2005) 124-133
55. Straub D.W. Effective IS security: an empirical study. Information Systems Research 1 3 (1990) 255-276
56. Straub D.W., and Welke R.J. Coping with systems risk: security planning models for management decision making. MIS Quarterly 22 4 (1998) 441-469
57. Taylor S., and Todd P. Assessing IT usage: the role of prior experience. MIS Quarterly 19 4 (1995) 561-570
58. Thatcher J.B., and Perrewe P.L. An empirical examination of individual traits as antecedents to computer anxiety and computer self-efficacy. MIS Quarterly 26 4 (2002) 381-396
59. Torkzadeh R., Pflughoeft K., and Hall L. Computer self-efficacy, training effectiveness and user attitudes: an empirical study. Behavior and Information Technology 28 4 (1999) 299-309
60. Thompson R. Why spyware poses multiple threats to security. Communications of the ACM 48 8 (2005) 41-43
61. Venkatesh V., Morris M.G., Davis F.D., and Davis G.B. User acceptance of information technology: toward a unified view. MIS Quarterly 27 3 (2003) 425-478
62. Washkuch F. American express warns of 'Security Measures' phishing scam. SC Magazine (May 25, 2006)
63. Whitman M.E. Enemy at the gate: threats to information security. Communications of the ACM 46 8 (August 2003) 91-95
64. Whitman M.E., and Mattord H.J. Principles of information security (2003), Thompson Course Technology, Boston, MA
65. Winkler I., and Hayden L. Social engineering through human intelligence. The Information Systems Security Association Journal (July 2005) 6-8
66. Woon I.M.Y., Tan G.W., and Low R.T. A protection motivation theory approach to home wireless security. Proceedings of the 26th international conference on information systems (2005) 367-380
67. Wood R., and Bandura A. Social cognitive theory of organizational management. Academy of Management Review 14 3 (1989) 361-384
68. Zhang Y., and Espinoza S. Relationships among computer self-efficacy, attitude toward computers, and desirability of learning computing skills. Journal of Research on Computing in Education 30 4 (1998) 420-436