Abstract
Our increased reliance on digital information and our expansive use of the Internet for a steadily rising number of tasks requires that more emphasis be placed on digital information security. The importance of securing digital information is apparent but the success in persuading individual users to adopt and utilize tools to improve security has been arguably more difficult. In this study, we propose a number of factors that may influence individual security practices. These constructs are developed by adapting existing theory from information security and privacy research to examine information security behaviors in the general public dimension. The influence of these factors on perceived need and actual behavior is then examined. The resulting model is shown to fit well and support is found for many of the proposed relationships. The determination of the antecedents of individual digital security practices may provide useful insight to tailoring programs for adoption and utilization of security tools by individuals in the general public dimension.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Anderson JC, Gerbing DW (1988) Structural equation modeling in practice: a review and recommended two step approach. Psychol Bull 103(3):411–423
Anderson R (2001) Why information security is hard—an economic perspective. In: Proceedings of the 17th Annual Computer Security Applied Conference. IEEE Computer Society, Los Alamitos, CA, pp 358–365
Benassi P (1999) TRUSTe: an online privacy seal program. Commun ACM 42(2):56
Bensaou M, Venkataman N (1996) Inter-organizational relationships and information technology: a conceptual synthesis and a research framework. Eur J Inform Syst 5:84–91
Browne MW, Cudeck R (1993) Alternative ways of assessing model fit. In: Bollen KA, Long JS (eds) Testing structural equation models. Sage, Newbury Park, pp 445–455
Byrne BM (2001) Structural equation modeling with AMOS: basic concepts, applications and programming. Lawrence Erlbaum Associates, Mahwah
CERT (2007) Over-confidence is pervasive amongst security professionals. Retrieved July 3, from the Software Engineering Institute at Carnegie Mellon Web site: http://www.sei.cmu.edu/about/press/releases/2007ecrime.html
CERT (2008) Vulnerability remediation statistics. Retrieved July 3, from the Software Engineering Institute at Carnegie Mellon Web site: http://www.cert.org/stats/vulnerability_remediation.html
CR (2007) Net threats: why going online remains risky. Retrieved July 3, from the Consumer Reports Web site: http://www.consumerreports.org/cro/electronics-computers/computers/internet-and-other-services/net-threats-9-07/overview/0709_net_ov.htm
D’Arcy J, Hovav A, Galletta D (2008) User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inform Syst Res (Forthcoming)
Davis F (1989) Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quart, 319–340
Department of Commerce (2011) Exploring the digital nation—computer and internet use at home. Retrieved July 31st, 2012 from the Department of Commerce website: http://www.esa.doc.gov/Reports/exploring-digital-nation-computer-and-internet-use-home
Dhillon G (2007) Principles of information systems security: text and cases. Wiley, New York
Dhillon G (1999) Managing and controlling computer misuse. Inform Manag Comput Secur 7(4):171–175
Dinev T, Hart P (2006) An extended privacy calculus model for E-commerce transactions. Inform Syst Res 17(1):61–80
Fornell C, Larker DF (1981) Evaluating structural equation models with unobservable variables and measurement error. J Mark Res 18:39–50
FTC (2007) FTC releases survey of identity theft in the U.S. study shows 8.3 million victims in 2005. Retrieved July 3, 2008, from the Federal Trade Commission Web site: http://www.ftc.gov/opa/2007/11/idtheft.shtm
Hayduk L, Cummings GG, Boadu K, Pazderka-Robinson H, Boulianne S (2007) Testing! Testing! One, two, three—testing the theory in structural equation models! Pers Individ Dif 42:841–850
Hansche S (2001) Designing a security awareness program: part 1. Inform Syst Secur 9(6):14–22
Hosmer L (1995) Trust: the connection link between organizational theory and philosophical ethics. Acad Manag Rev 20(3):213–237
Howard J, Longstaff T (1998) A common language for computer security incidents. Sandia National Laboratory report: SAND98-8667. Sandia National Lab. Retrieved November 29th, 2010 from: http://www.osti.gov/ bridge/purl.cover.jsp?purl =/751004-JhkwDA/webviewable/
Hu L, Bentler PM (1999) Cutoff criteria for fit indexes in covariance structure analysis: conventional criteria versus new alternatives. Struct Equ Model 6(1):1–55
Hughes D (2008) 12,000 Laptops Lost Weekly At U.S. Airports. Aviation Week, Retrieved July 3, 2008, from Aviation Week Web site: http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=comm&id=news/LAP07038.xml&headline=12,000%20Laptops%20Lost%20Weekly%20At%20U.S.%20Airports
James TL, Pirim T, Boswell K, Reithel B, Barkhi R (2006) Determining the intention to use of biometric devices: an application and extension of the technology acceptance model. J Organ End User Comput 18(3):1–24
Javelin Strategy & Research (2010) 2010 Identity Fraud Survey Report: Consumer Version. Retrieved July 31, 2012, from Javelin Strategy Web site: http://http://www.javelinstrategy.com/uploads/files/1004.R_2010IdentityFraudSurveyConsumer.pdf
Joreskog KG, Sorbom D (1996) LISREL 8: User’s reference guide. Scientific Software International, Chicago
Koufteros XA (1999) Testing a model of pull production: a paradigm for manufacturing research using structural equation modeling. J Oper Manag 17(4):467–488
Kim BC, Chen P, Mukhopadhyay T (2011) The effect of liability and patch release on software security: the monopoly case. Prod Oper Manag 20(4):603–617
Kline R (1998) Principles and practice guidelines of structural equation modeling. Guilford Press, New York
Krusl I (1998) Software vulnerability analysis, Ph.D. thesis. Department of Computer Sciences, Purdue University. Retrieved, November 29th from: https://www.cerias.purdue.edu/techreports-ssl/public/98-09.pdf
Laufer R, Wolfe M (1977) Privacy as a concept and a social issue: a multidimensional developmental theory. J Soc Issues 33(3):22–42
Lee SM, Lee SG, Yoo S (2004) An integrative model of computer abuse based on social control and general deterrence theories. Inform Manag 41(6):707–718
MacCallum RC, Browne MW, Sugawara HM (1996) Power analysis and determination of sample size for covariance structure modeling. Psychol Methods 1:130–149
NWCCC, BJA, FBI (2007) 2007 Internet crime report. Retrieved July 3, from the Internet Crime Complaint Center Web site: http://www.ic3.gov/media/annualreports.aspx
Pavlou P (2003) Consumer acceptance of electronic commerce: integrating trust and risk with the technology acceptance model. Int J Electron Commer 7(3):69–103
Power R (1996) Current and future danger: a CSI primer of computer crime & information warfare, 4th edn. Computer Security Institute, Orlando
Raine L (2010) Internet, broadband, and cell phone statistics, A Pew Research Center Report, Jan. 5th, 2010. Obtained August 12th, 2010 from: http://www.pewinternet.org/Reports/2010/Internet-broadband-and-cell-phone-statistics.aspx
Ring P, Van de Ven A (1994) Developing processes of cooperative inter-organizational relationships. Acad Manag Rev 19:90–118
Schumacker RE, Lomax RG (2004) A beginner’s guide to structural equation modeling, 2nd edn. Lawrence Erlbaum Associates, Mahwah
Siponen MT (2001) Five dimensions of information security awareness. ACM SIGCAS Comput Soc 31(2):24–29
Stallings W (2003) Network security essentials: applications and standards, 2nd edn. Pearson Education, Inc., Upper Saddle River
Steiger JH (1990) Structural model evaluation and modification: an interval estimation approach. Multivar Behav Res 25:173–180
Stoneburner G, Goguen A, Feringa A (2002) “Risk management guide for information technology systems”, NIST Special Publication 800-30, Retrieved November, 29th, 2010 from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Straub DW (1990) Effective IS security: an empirical study. Inform Syst Res 1(3):255–276
Straub D, Welke R (1998) Coping with systems risk: security planning models for management decision making. MIS Quart 22(4):441–469
Symantec (2008) Symantec Internet Security Threat Report. Retrieved July 3, 2008, from the Symantec Web site: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_exec_summary_internet_security_threat_report_xiii_04-2008.en-us.pdf
Tyre P (2010) “A’s for Good Behavior”, The New York Times, Retrieved November 29th, 2010 from: http://www.nytimes.com/2010/11/28/weekinreview/28tyre.html
Urbach N, Ahlemann F (2010) Structural equation modeling in information systems research using partial least squares. J Inform Technol Theory Appl 11(2):5–40
Van Eerde W, Thierry H (1996) Vroom’s expectancy models and work-related criteria: a meta-analysis. J Appl Psychol 81(5):575–586
Vroom VH (1964) Work and motivation. Wiley, New York
Whitman ME (2004) In defense of the realm: understanding the threats to information security. Int J Inform Manage 24(1):43–57
Whitman ME, Mattord H (2005) Principles of information security. Course Technology, Boston
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
James, T., Nottingham, Q. & Kim, B.C. Determining the antecedents of digital security practices in the general public dimension. Inf Technol Manag 14, 69–89 (2013). https://doi.org/10.1007/s10799-012-0147-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10799-012-0147-4