The security awareness paradox: A case study

ASONAM 2014 - Proceedings of the 2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining

Volumn , Issue , 2014, Pages 704-711

  Tariq, Muhammad Adnan ^a   Brynielsson, Joel ^a,b   Artman, Henrik ^a,b  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

^b SWEDISH DEFENCE RESEARCH AGENCY   (Sweden)

Author keywords

IT security; paradoxical reasoning; User awareness

Indexed keywords

SECURITY SYSTEMS; TELECOMMUNICATION INDUSTRY;

INFORMATION SECURITY AWARENESS; IT SECURITY; KNOWLEDGE-INTENSIVE ORGANIZATIONS; LEVEL OF CONSISTENCIES; PARADOXICAL REASONING; SEMI STRUCTURED INTERVIEWS; TELECOMMUNICATION COMPANIES; USER AWARENESS;

SECURITY OF DATA;

EID: 84911164336     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ASONAM.2014.6921663     Document Type: Conference Paper

References (29)

1. M. T. Siponen, "Five dimensions of information security awareness, " Computers and Society, vol. 31, no. 2, pp. 24-29, Jun. 2001.
2. B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness, " MIS Quarterly, vol. 34, no. 3, pp. 523-548, Sep. 2010.
3. P. Dourish and V. Bellotti, "Awareness and coordination in shared workspaces, " in Proceedings of the 1992 ACM Conference on Computer-Supported Cooperative Work, ser. CSCW'92. New York, NY: ACM, 1992, pp. 107-114.
4. A. Adams and A. Blandford, "Bridging the gap between organizational and user perspectives of security in the clinical domain, " International Journal of Human-Computer Studies, vol. 63, no. 1-2, pp. 175-202, Jul. 2005.
5. A. Adams and M. A. Sasse, "Users are not the enemy: Why users compromise computer security mechanisms and how to take remedial measures, " Communications of the ACM, vol. 42, no. 12, pp. 40-46, Dec. 1999.
6. S. M. Furnell, A. Jusoh, and D. Katsabas, "The challenges of understanding and using security: A survey of end-users, " Computers & Security, vol. 25, no. 1, pp. 27-35, Feb. 2006.
7. T. Herath and H. R. Rao, "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness, " Decision Support Systems, vol. 47, no. 2, pp. 154-165, May 2009.
8. S. M. Furnell and N. Clarke, "Power to the people? The evolving recognition of human aspects of security, " Computers & Security, vol. 31, no. 8, pp. 983-988, Nov. 2012.
9. M. Workman, W. H. Bommer, and D. Straub, "Security lapses and the omission of information security measures: A threat control model and empirical test, " Computers in Human Behavior, vol. 24, no. 6, pp. 2799-2816, Sep. 2008.
10. B.-Y. Ng, A. Kankanhalli, and Y. C. Xu, "Studying users' computer security behavior: A health belief perspective, " Decision Support Systems, vol. 46, no. 4, pp. 815-825, Mar. 2009.
11. M. E. Zurko and R. T. Simon, "User-centered security, " in Proceedings of the 1996 New Security Paradigms Workshop, ser. NSPW'96. New York, NY: ACM, 1996, pp. 27-33.
12. M. E. Zurko, "User-centered security: Stepping up to the grand challenge, " in Proceedings of the 21st Annual Computer Security Applications Conference, ser. ACSAC'05. Washington, DC: IEEE Computer Society, 2005, pp. 187-200.
13. J. D'Arcy and A. Hovav, "Does one size fit all? Examining the differential effects of IS security countermeasures, " Journal of Business Ethics, vol. 89, no. 1, pp. 59-71, May 2009.
14. B. Lebek, J. Uffen, M. H. Breitner, M. Neumann, and B. Hohler, "Employees' information security awareness and behavior: A literature review, " in Proceedings of the 2013 46th Hawaii International Conference on System Sciences, ser. HICSS'13. Washington, DC: IEEE Computer Society, 2013, pp. 2978-2987.
15. A. Tsohou, S. Kokolakis, M. Karyda, and E. Kiountouzis, "Investigating information security awareness: Research and practice gaps, " Information Security Journal: A Global Perspective, vol. 17, no. 5-6, pp. 207-227, Sep. 2008.
16. J. B. Gross and M. B. Rosson, "Looking for trouble: Understanding end-user security management, " in Proceedings of the 2007 Symposium on Computer Human Interaction for the Management of Information Technology, ser. CHIMIT'07. New York, NY: ACM, 2007.
17. E. Albrechtsen, "A qualitative study of users' view on information security, " Computers & Security, vol. 26, no. 4, pp. 276-289, Jun. 2007.
18. M. Siponen, M. A. Mahmood, and S. Pahnila, "Employees' adherence to information security policies: an exploratory field study, " Information & Management, vol. 51, no. 2, pp. 217-224, Mar. 2014.
19. A. Whitten and J. D. Tygar, "Why Johnny can't encrypt: A usability evaluation of PGP 5.0, " in Proceedings of the 8th USENIX Security Symposium, ser. SSYM'99. Berkeley, CA: USENIX Association, 1999.
20. N. D. Weinstein and W. M. Klein, "Unrealistic optimism: Present and future, " Journal of Social and Clinical Psychology, vol. 15, no. 1, pp. 1-8, Mar. 1996.
21. V. Hoorens, "Self-favoring biases for positive and negative characteristics: Independent phenomena?" Journal of Social and Clinical Psychology, vol. 15, no. 1, pp. 53-67, Mar. 1996.
22. H.-S. Rhee, Y. U. Ryu, and C.-T. Kim, "Unrealistic optimism on information security management, " Computers & Security, vol. 31, no. 2, pp. 221-232, Mar. 2012.
23. R. West, "The psychology of security: Why do good users make bad decisions?" Communications of the ACM, vol. 51, no. 4, pp. 34-40, Apr. 2008.
24. A. Bryman, Social Research Methods. Oxford University Press, Inc., 2001.
25. G. Dhillon and J. Backhouse, "Current directions in IS security research: towards socio-organizational perspectives, " Information Systems Journal, vol. 11, no. 2, pp. 127-153, Apr. 2001.
26. J. M. Stanton, K. R. Stam, P. Mastrangelo, and J. Jolton, "Analysis of end user security behaviors, " Computers & Security, vol. 24, no. 2, pp. 124-133, Mar. 2005.
27. R. E. Crossler, A. C. Johnston, P. B. Lowry, Q. Hu, M. Warkentin, and R. Baskerville, "Future directions for behavioral information security research, " Computers & Security, vol. 32, no. 1, pp. 90-101, Feb. 2013.
28. D. B. Parker, "Restating the foundation of information security, " Computer Audit Update, vol. 1991, no. 10, pp. 2-15, Oct. 1991.
29. P. Dourish, R. E. Grinter, J. Delgado de la Flor, and M. Joseph, "Security in the wild: user strategies for managing security as an everyday, practical problem, " Personal and Ubiquitous Computing, vol. 8, no. 6, pp. 391-401, Nov. 2004.