The Relationship between Security Motivations and Security Safeguard Usage
Abstract
Research on Computer Security Safeguard within the workplace in Thailand is aim to survey the computer security safeguard in the workplace and also the motivation of user on the implementation of them. The first hypothesis states that the nature of demographic difference (gender, age, educational level, job type, and working experience), affecting on the level of usage for security safeguard. The second hypothesis is the security motivation (The severity of the damage, Protection Capabilities, System risk, Benefits of system protection) has a relationship with level of usage for security safeguard. The sample group consisted of 385 respondents from the employee who works on computer related job in Thailand. The statistics used for data analysis are Descriptive statistics and inferential statistics (Independent t-test, One-way ANOVA, and Pearson's chi-squared). The study found that the different in job type have significant effects on the level of usage for security safeguard. The supporting and training group has the lowest significant level of security usage when compare with other job types. The organization should create security awareness into this group as a first priority before they begin their training jobs. This group will contribute these awareness and security knowledge through other user in general. The result from the study showed that the system risk is the most motivator that has a high relationship with the usage of security safeguard. The training in security should emphasize on the system risk and the damage from the security threat. The organization could use this result to plan for their security training and create security awareness among computer system users.
Full Text:
PDFReferences
REFERENCES
Min Xiao, Mei Guo, Computer Network Security and Preventive Measures in the Age of Big Data: Procedia Computer Science 166 (2020), pp. 438–442.
Sadaf Hina et al., Institutional governance and protection motivation: Theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world: Computers & Security Volume 87, November 2019, 101594.
Obi Ogbanufe, Enhancing End-User Roles in Information Security: Exploring the Setting, Situation, and Identity: Computers & Security Volume 108, September 2021, 102340.
Yanqing Ding et al., Research and appl ication of secur ity ba seline in bus ine ssinf or mation system: Procedia Computer Science 183 (2021), pp. 630–635.
Ma Li, Zhu Guobang, Lu Lei. Interpretation of the "Basic Requirements for Network Security GradeProtection" (GB / T 22239-2019) [J].Information Network Security,2019(02): pp. 77-84.
Liand H., Xue Y., Understanding security behaviors in personal computer usage: a threat avoidance perspective. J Assoc Int Syst 2010; 11(7):394-413.
Anderson CL., Agarwal R. Practicing safe computing : a multimedia empirical examination of home computer user security behavior intentions. MIS Q 2010;34(3):63-43.
Herath , Rao Hr. Protection motivation and deterrence: a framework for security policy compliance in organisations. Eur J Inf Syst 2009;18(2):106-25.
Ifinedo P. Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput Secur 2012;31(1):83-95.
Lee Y, Larsen KR. Threat or coping appraisal: determinants of SMB executives; decision to adopt anti-malware software. Eur J Inf Syst 2009;18920:177-87.
Conner M, Armitage CJ. Extending the theory of planned behavior: a review and avenues for further research. J Appl Soc Psychol 1998;28:1429-64.
A.C. Johnston, M. Warkentin.,Fear appeals and information security behaviors: an empirical study. MIS Q, 34 (3) (2010), pp. 549–566.
M.J. Culnan, C.C. Williams.,How ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breaches.MIS Q, 33 (2009), pp. 673–687.
Q. Hu, T. Dinev, P. Hart, D. Cooke., Managing employee compliance with information security policies: the critical role of top management and organizational culture. Decision Sciences, 43 (4) (2012), pp. 615–660.
P.B. Lowry, G.D. Moody., Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policies. Information Systems Journal, 25 (5) (2015), pp. 433–463 https://doi.org/10.1111/isj.12043
C. Posey, T. Roberts, P.B. Lowry, B. Bennett, J. Courtney., Insiders' protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Q, 37 (4) (2013), pp. 1189–1210.
A. Vance, M. Siponen, S. Pahnila., Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, 49 (3) (2012), pp. 190–198 https://doi.org/10.1016/j.im.2012.04.002
D. Dang-Pham, S. Pittayachawan., Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a protection motivation theory approach. Comput Secur, 48 (2015), pp. 281–297 https://doi.org/10.1016/j.cose.2014.11.002
Y. Li, M.T. Siponen., A call for research on home users' information security behavior. PACIS (2011), p. 112.
Rasika D., The principle of security safeguards: Unauthorized activities., Computer Law and Security Review 25 (2009) 165-172.
PIPEDA 226. Company’s collection of medical information., unnecessary; safeguards are inappropriate. Available from:http://www.privcom.gc.ca/cf-dc/2003/cf-dc_031031_e.asp;2003.
Hsin-yi, S.T., Mengtian, J., Saleem, A., Robert, L., Nora, J. R., Shelia R. C., 1. Understanding online safety behaviors: A protection motivation theory perspective, Computers & Security Volume 59, June 2016, Pages 138–150 https://doi.org/10.1016/j.cose.2016.02.009
Fadele, A.A., Mazliza, O., Ibrahim, A.T.H., Faiz, A. Internet of Things security: A survey. Journal of Network and Computer Applications 88(2017);10-28.
PIPEDA 315. Web-centred company’s safeguards and handling of access request and privacy complaint questioned. Available from: http://www.privcom.gc.ca/cf-dc/2005/315_20050809_03_e.asp; 2003.
Refbacks
- There are currently no refbacks.