Search results for "security behavior"
showing 6 items of 6 documents
Improving Password Memorability, While Not Inconveniencing the User
2019
Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental groups). Ps…
Improving Password Memorability, While Not Inconveniencing the User
2019
Abstract Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental gr…
Prosessiteoreettinen näkökulma, joka selittää henkilökohtaisen tietokoneen käyttöön liittyvää tietoturvakäyttäytymisen muutosta
2016
IS security behavior has become a mainstream topic in information systems. Extent research is dominated with the viewpoint for discovery of generic and stable predictors. The viewpoint rests on the implicit assumption that information security behavior can be explained by discovering these factors. The best know examples are IS security behavior models grounded upon Protection Motivation Theory (PMT) and the Deterrence Theory (DT). The success of this perspective hinges on the question as to what extend the IS security behavior and the reasons for it, are constant from time to time and from one specific security situation to another. The viewpoint is successful if computer users have built …
Toward a stage theory of the development of employees’ information security behavior
2020
Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain a case where the reasons for ISB change. However, the underlying reasons and motives for users’ ISB are not static but may change over time. To understand the change in reasoning between different antecedents, we examine stage theorizing in other fields and develop the requirements for an emergent theory of the development of employees’ ISB: (1) the content of stages based on the stage elements and their stage-specific attributes; (2) the stage-independent element explaini…
Do SETA Interventions Change Security Behavior? : A Literature Review
2023
Information security education, training, and awareness (SETA) are approaches to changing end-users’ security behavior. Research into SETA has conducted interventions to study the effects of SETA on security behavior. However, we lack aggregated knowledge on ‘how do SETA interventions influence security behavior?’. This study reviews 21 empirical SETA intervention studies published across the top IS journals. The theoretical findings show that the research has extended Protection Motivation Theory by (1) enhancements to fear appeals; (2) drawing attention to relevance; (3) incorporating temporality; (4) and shifting from intentions to behavior. In terms of behavior, the SETA interventions h…
Exploring determinants of different information security behaviors
2016
Aim: The aim was to introduce new explanatory construct, namely illegitimate tasks from Stress-as-Offense-to-Self Theory (SOS), to better understand information security behavior (ISB). In addition, more commonly used constructs from Deterrence theory (DT) and Protection Motivation Theory (PMT) were used to explain ISB. This study also investigated several behaviors separately to evaluate the generalizability of the behavioral determinants. Methods: Four ISBs, namely general ISP compliance (ISP), not copying sensitive information to the unsecured USB drive (USB), locking or logging out from the computer (LOG), and not writing down passwords (PSW). Formal and informal sanctions from DT, thre…