Open Access Open Access  Restricted Access Subscription Access

Investigating the Determinants of College Students Information Security Behavior using a Validated Multiple Regression Models


Affiliations
1 Department of Computer Science, Al Albayt University, Jordan
 

The frequency, intensity and repercussions of information security breaches in higher education has prompted colleges and universities around the world to devote more resources to enhance technical and human controls capabilities. Research has repeatedly found that technical solutions to cybercrime are insufficient in preventing incidents. The present analysis utilizes the Health Belief Model (HBM) to explain users' computer security behavior by replicating an earlier research study. The study, however, applies the HBM model to a new context, higher education, and college students serve as the sample for this research. A validated questionnaire was employed to collect responses from 263 students attending a public state Midwestern university in the United States. Multiple Linear Regression mathematical analysis was conducted on the dataset collected to measure constructs of the information security of college students. Findings of this research suggest that perceived susceptibility, perceived benefits and self-efficacy are good determinants of information security behavior for college students at least on the sample observations. Further, the analysis supported the moderating logic of perceived severity on the effects of susceptibility, benefits, general security orientation, self-efficacy and cues to action. Findings of this research call upon higher education security administrators to enact more effective awareness and training programs based on real-work security incidents simulations and incorporating information security into the general education curricula.

Keywords

Computer Security, Simulated Training, Security Indicators, Security Awareness.
User
Notifications
Font Size

  • UMBC (2017). Why College Campuses Are Big Targets for Cyber Attacks Ever wonder why YOUR account would ever be hacked? Retrieved from https://doit.umbc.edu/news/?id=70678
  • Dahlstrom, E., and Bichsel, J. (2014). ECAR Study of Undergraduate Students and Information Technology, 2014. Washington, DC: Educause.
  • Kim, B. (2014). Recommendations for information security awareness training for college students. Information Management & Computer Security, 22(1), 115-126.
  • Lin, Q., Wang, K., and Gao, L. (2015). Exploration on the Education Mode of Effectively Strengthening Security Awareness and Ability of Female College Students. Paris: Atlantis Press.
  • Shropshire, J., Warkentin, M., and Sharma, S. (2015). Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Computers & Security, 49, 177-191.
  • Peltier, T. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton, Fl: Auerbach Publications.
  • Mohammad R., Thabtah F., McCluskey L., (2014) Predicting Phishing Websites based on SelfStructuring Neural Network. Journal of Neural Computing and Applications, (3)1-16. Springer.
  • Thabtah F., Kamalov F. (2017) Phishing Detection: A Case Analysis on Classifiers with Rules using Machine Learning. Journal of Information and Knowledge Management. World Scientific.
  • Thabtah F., Abdelhamid N. (2016) Deriving Correlated Sets of Website Features for Phishing Detection: A Computational Intelligence Approach. Journal of Information and Knowledge Management. 15, 1650042 (2016) [17 pages]. World Scientific.
  • Abdelhamid N, Ayesh A., Thabtah F. (2013) Phishing Detection using Associative Classification Data Mining. ICAI'13 - The 2013 International Conference on Artificial Intelligence, pp. (491-499). USA.
  • Mohammad R., Thabtah F., McCluskey L., (2013) Intelligent Rule based Phishing Websites Classification. Journal of Information Security (2), 1-17. ISSN 17518709. IET.
  • Qabajeh I, Thabtah F, Chiclana F (2018) A recent review of conventional vs. automated cybersecurity anti-phishing techniques. Computer Science Review 29, 44-55.
  • AlShboul R, Thabtah F, Abdelhamid N, Al-diabat M (2018) A visualization cybersecurity method based on features’ dissimilarity Computers & Security 77, 289-303. 2018
  • Hajli, N., and Lin, X. (2016). Exploring the security of information sharing on social networking sites: The role of perceived control of information. Journal of Business Ethics, 133(1), 111-123.
  • Ng, B., Kankahali, A., and Xu, Y. (2009). Studying users’ computer security behavior: a health belief perspective. Decision Support Systems, 46, 815-825.
  • Skinner, C., Tiro, J., and Champion, V. (2015). The health belief model. In Health behavior: theory, research, and practice, 5th ed. San Francisco (US): Jossey-Bass, 75-94.
  • Jones, C., Smith, H., and Llewellyn, C. (2014). Evaluating the effectiveness of health belief model interventions in improving adherence: a systematic review. Health psychology review, 8(3), 253-269.
  • Merkow, M., and Breithaupt, J. (2014). Information security: Principles and practices. London: Pearson Education.
  • L. Reznik, V. J. Buccigrossi III, J. Lewis, A. Dipon, S. Milstead, N. LaFontaine, K. Beck, and H. Silvia, “Security of computer use practice: The case of ordinary users survey,” in Proceedings of the 5th Annual Symposium on Information Assurance (ASIA ’11),), June 7-8, 2011, ser. SOUPS ’07. New York, NY, USA: ACM, June 2011, pp. 167–168.
  • Tekerek, M., and Tekerek, A. (2013). A research on students’ information security awareness. Turkish Journal of Education, 2(3).
  • Smith, A. (2017). Americans and Cybersecurity: Password Management and Mobile Security. Retrieved from http://www.pewinternet.org/2017/01/26/2-password-management-and-mobile-security/
  • Ngoqo, B., and Flowerday, S. (2015). Exploring the relationship between student mobile information security awareness and behavioural intent. Information & Computer Security, 23(4), 406-420.
  • Kang, R., Dabbish, L., Fruchter, N., and Kiesler, S. (2015, July). “My data just goes everywhere:” user mental models of the internet and implications for privacy and security. In Symposium on Usable Privacy and Security (SOUPS) (pp. 39-52). Berkeley, CA: USENIX Association.
  • Safa, N., Von Solms, R., and Futcher, L. (2016). Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), 15-18.
  • Abraham, C., and Sheeran, P. (2005). The health belief model. In M. Conner, P. Norman (Eds.), Predicting Health Behaviour, Ch. 2. Berkshire (UK): Open University Press.
  • Groenewold, G., Bruijn, B., and Bilsborrow, R. (2006). Migration of the Health Belief Model (HBM): Effects of psychosocial and migrant network characteristics on emigration intentions in five countries in West Africa and the Mediterranean Region. The Population Association of America 2006 Annual Meeting, March 30–April 1, Los Angeles, CA, 2006.
  • Janz, N. and Becker, M. (1984). The health belief model: a decade later. Health Education Quarterly 11.
  • Rosenstock, I. (1974). The health belief model and preventive health behavior. Health Education Monographs 2.
  • Rosenstock, I., Strecher, V., and Becker, M. (1988). Social learning theory and the health belief model. Health Education Quarterly 15.
  • Conner, M. and Norman, P. (2005). Predicting health behaviour: a social cognition approach. In M. Conner and P. Norman (Eds.), Predicting Health Behaviour, Ch. 1. Berkshire, UK: Open University Press.
  • Chung, W., Chen, H., Chang, W., and Chou, S. (2006). Fighting Cybercrime: a review and the Taiwan experience. Decision Support Systems, 41 (2006).
  • Davis, F. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3).
  • Eccles, J. and Wigfield, A. (2002). Motivational beliefs, values, and goals. Annual Review Psychology, 53.
  • Compeau, D., and Higgins, C. (1995). Computer self-efficacy: development of a measure and initial test. MIS Quarterly, 19(2).
  • Cheung, C., Lee, Z., and Chan, T. (2015). Self-disclosure in social networking sites: the role of perceived cost, perceived benefits and social influence. Internet Research, 25(2), 279-299.
  • Nunally, J. (1978). Psychometric. New York: McGraw Hill.
  • Woon, I., Tan, G., and Low, R. (2005). A protection motivation theory approach to home wireless security. Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, Nevada, USA.
  • Champion, V. (1984). Instrument development for health belief model constructs. Advances in Nursing Science, 6(3)
  • Chan, M., Woon, I., and Kankanhalli, A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3).
  • Jayanti, R. and Burns, A. (1998). The antecedents of preventive health care behavior: an empirical study. Academy of Marketing Science Journal 26(1).

Abstract Views: 344

PDF Views: 164




  • Investigating the Determinants of College Students Information Security Behavior using a Validated Multiple Regression Models

Abstract Views: 344  |  PDF Views: 164

Authors

Mofleh Al-diabat
Department of Computer Science, Al Albayt University, Jordan

Abstract


The frequency, intensity and repercussions of information security breaches in higher education has prompted colleges and universities around the world to devote more resources to enhance technical and human controls capabilities. Research has repeatedly found that technical solutions to cybercrime are insufficient in preventing incidents. The present analysis utilizes the Health Belief Model (HBM) to explain users' computer security behavior by replicating an earlier research study. The study, however, applies the HBM model to a new context, higher education, and college students serve as the sample for this research. A validated questionnaire was employed to collect responses from 263 students attending a public state Midwestern university in the United States. Multiple Linear Regression mathematical analysis was conducted on the dataset collected to measure constructs of the information security of college students. Findings of this research suggest that perceived susceptibility, perceived benefits and self-efficacy are good determinants of information security behavior for college students at least on the sample observations. Further, the analysis supported the moderating logic of perceived severity on the effects of susceptibility, benefits, general security orientation, self-efficacy and cues to action. Findings of this research call upon higher education security administrators to enact more effective awareness and training programs based on real-work security incidents simulations and incorporating information security into the general education curricula.

Keywords


Computer Security, Simulated Training, Security Indicators, Security Awareness.

References