Skip to main content
SpringerLink
Log in

Contextual Factors in Information Security Group Behaviour: A Comparison of Two Studies

  • Conference paper
  • First Online:
Information Systems Security and Privacy (ICISSP 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1545))

Included in the following conference series:

  • 490 Accesses

Abstract

Group behaviour is a relatively under researched field in research pertaining to information security. Most behavioural studies in information security focus on the individual and how he/she reasons and eventually behaves. Recent investigations into security group behaviour have revealed that the context within which the members of a group function plays an important role. Behavioural threshold analysis has been identified as a possible tool to evaluate security group behaviour and provide insights into the possible influence of the group’s contextual milieu. Based on earlier research on contextual factors in information security, this paper embodies an elaboration on the theoretical and practical implications of the previous work by comparing two distinct information security group behaviour experiments. The contextual environments for the two experiments include a group of employees in an industry setting, as well as a group of students that reside together in a university residence. These experiments are discussed, firstly by looking at the information security behavioural threshold analysis results for the two groups, and secondly, by expounding on the external contextual factors that play a part in the formation and eventual practice of information security behaviour in a group setting. The paper concludes by reflecting on the research aims and possible future work. This research has shown that external contextual factors play an important role in information security group behaviour and its effect should be taken into account in the strategies of managing information security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Shropshire, J., Warkentin, M., Sharma, S.: Personality, attitudes, and intentions: predicting initial adoption of information security behavior. Comput. Secur. 49, 177–191 (2015)

    Article  Google Scholar 

  2. Barth, S., De Jong, M.D., Junger, M., Hartel, P.H., Roppelt, J.C.: Putting the privacy paradox to the test: online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources. Telemat. Inform. 41, 55–69 (2019)

    Article  Google Scholar 

  3. Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017)

    Article  Google Scholar 

  4. Granovetter, M.: Threshold models of collective behavior. Am. J. Sociol. 83, 1420–1443 (1978)

    Article  Google Scholar 

  5. Snyman, D.P., Kruger, H.A.: Behavioural threshold analysis: methodological and practical considerations for applications in information security. Behav. Inf. Technol. 38, 1–19 (2019)

    Article  Google Scholar 

  6. Willison, R., Warkentin, M.: Beyond deterrence: an expanded view of employee computer abuse. MIS Q. 37, 1–20 (2013)

    Article  Google Scholar 

  7. Johnston, A.C., Di Gangi, P.M., Howard, J., Worrell, J.: It takes a village: understanding the collective security efficacy of employee groups. J. Assoc. Inf. Syst. 20, 186–212 (2019)

    Google Scholar 

  8. Wu, P.F., Vitak, J., Zimmer, M.T.: A contextual approach to information privacy research. J. Am. Soc. Inf. Sci. 7, 485–490 (2019)

    Google Scholar 

  9. Kroenung, J., Eckhardt, A.: The attitude cube—A three-dimensional model of situational factors in IS adoption and their impact on the attitude–behavior relationship. Inf. Manag. 52, 611–627 (2015)

    Article  Google Scholar 

  10. Snyman, D.P., Kruger, H.A.: External contextual factors in information security behaviour. In: 6th International Conference on Information Systems Security and Privacy (ICISSP 2020), pp. 185–194. SCITEPRESS – Science and Technology Publications, Lda (2020)

    Google Scholar 

  11. Belk, R.W.: Situational variables and consumer behavior. J. Consum. Res. 2, 157–164 (1975)

    Article  Google Scholar 

  12. Kirova, V., Thanh, T.V.: Smartphone use during the leisure theme park visit experience: the role of contextual factors. Inf. Manag. 56, 742–753 (2019)

    Article  Google Scholar 

  13. Snyman, D.P., Kruger, H.A.: The application of behavioural thresholds to analyse collective behaviour in information security. Inf. Comput. Secur. 25, 152–164 (2017)

    Article  Google Scholar 

  14. Snyman, D.P., Kruger, H.A., Kearney, W.D.: I shall, we shall, and all others will: paradoxical information security behaviour. Inf. Comput. Secur. 26, 290–305 (2018)

    Article  Google Scholar 

  15. Furnell, S., Thomson, K.-L.: Recognising and addressing ‘security fatigue.’ Comput. Fraud Secur. 2009, 7–11 (2009)

    Article  Google Scholar 

  16. Fisher, R.J.: Social desirability bias and the validity of indirect questioning. J. Consum. Res. 20, 303–315 (1993)

    Article  Google Scholar 

  17. Growney, J.S.: I will If You Will: Individual Thresholds and Group Behavior - Applications of Algebra to Group Behavior. COMAP Inc., Bedford (1983)

    Google Scholar 

  18. Miller, C., Stuart Wells, F.: Balancing security and privacy in the digital workplace. J. Chang. Manag. 7, 315–328 (2007)

    Article  Google Scholar 

  19. Wiant, T.L.: Information security policy’s impact on reporting security incidents. Comput. Secur. 24, 448–459 (2005)

    Article  Google Scholar 

  20. Furnell, S., Esmael, R.: Evaluating the effect of guidance and feedback upon password compliance. Comput. Fraud Secur. 2017, 5–10 (2017)

    Google Scholar 

  21. Security, I.B.M.: IBM X-Force Threat Intelligence Index 2018: Notable Security Events of 2017, and a Look Ahead. IBM Corporation, New York (2018)

    Google Scholar 

  22. Lee, B., Fenoff, R., Paek, S.Y.: Correlates of participation in e-book piracy on campus. J. Acad. Librariansh. 45, 299–304 (2019)

    Article  Google Scholar 

  23. Gan, L.L., Koh, H.C.: An empirical study of software piracy among tertiary institutions in Singapore. Inf. Manag. 43, 640–649 (2006)

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thank Johan Allers and Wayne Kearney for their assistance with the experiments.

Author information

Authors and Affiliations

  1. School of Computer Science and Information Systems, North-West University, 11 Hoffman Street, Potchefstroom, 2531, South Africa

    Dirk Snyman & Hennie Kruger

Authors
  1. Dirk Snyman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hennie Kruger
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dirk Snyman .

Editor information

Editors and Affiliations

  1. Plymouth University, Plymouth, UK

    Steven Furnell

  2. Istituto di Informatica e Telematica, Pisa, Italy

    Paolo Mori

  3. University of Vienna, Vienna, Austria

    Edgar Weippl

  4. MODESTE/ESEO, Angers Cedex 2, France

    Olivier Camp

Appendix

Appendix

As mentioned in Sect. 4, this Appendix shows the cumulative behavioural threshold graphs for the information security focus areas for Email use, Password management and Incident reporting in Figs. 5, 6, and 7 respectively. The external contextual factors that contribute to the predicted eventual group behaviours for these three focus areas were discussed in Sect. 5.

Fig. 5.
figure 5

Behavioural threshold analysis graph – Email use (Industry vs. Students)

Full size image
Fig. 6.
figure 6

Behavioural threshold analysis graph – Password management (Industry vs. Students)

Full size image
Fig. 7.
figure 7

Behavioural threshold analysis graph – Incident reporting (Industry vs. Students)

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Snyman, D., Kruger, H. (2022). Contextual Factors in Information Security Group Behaviour: A Comparison of Two Studies. In: Furnell, S., Mori, P., Weippl, E., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2020. Communications in Computer and Information Science, vol 1545. Springer, Cham. https://doi.org/10.1007/978-3-030-94900-6_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-94900-6_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-94899-3

  • Online ISBN: 978-3-030-94900-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation