Abstract
This study used an exploratory factor analysis to examine the factors underlying personality traits that influence the constructs of information security compliance. Studies of this nature could be germane to organisations grappling with the insider threat problem. The current study, which is situated within the socio-technical realm and considers the human element within the information security domain, concludes by providing a conceptual model that could be useful to both researchers and practitioners.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley, Upper Saddle River, New Jersey (2012)
Hunker, J., Probst, C.W.: Insiders and insider threats-an overview of definitions and mitigation techniques. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 2(1), 4–27 (2011)
Legg, P.A., et al.: Towards a conceptual model and reasoning structure for insider threat detection. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl.cations 4(4), 20–37 (2013)
Ponemon Institute: Privileged user abuse & the insider threat. http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonPrivilegedUserAbuseResearchReport.pdf (2014). Accessed 06 Jan 2015
Jiang, J., et al.: Prediction and detection of malicious insiders’ motivation based on sentiment profile on webpages and emails. In: IEEE Military Communications Conference, pp. 1–6. IEEE, Los Angeles, CA, USA (2018)
Simola, P., Virtanen, T., Sartonen, M.: Information security is more than just policy; it is in your personality. In: ECCWS 2019 18th European Conference on Cyber Warfare and Security, pp. 459–65. Academic Conferences and publishing limited, Coimbra, Portugal (2019)
Shropshire, J., Gowan, A.: Identifying traits and values of top-performing information security personnel. J. Comput. Inf. Syst. 57(3), 258–268 (2017)
Whitty, M.T.: Developing a conceptual model for insider threat. J. Manag. Organ. 1–19 (2018)
Maasberg, M., Warren, J., Beebe, N.L.: The dark side of the insider: detecting the insider threat through examination of dark triad personality Traits. In: 48th Hawaii International Conference on System Sciences (HICSS), pp. 3518–26. IEEE, Kauai, Hawaii, USA (2015)
Radhakrishnan, M., et al.: Proposed insider threat detection model for malaysian government agencies. Open Int. J. Inform. (OIJI) 54–67 (2018)
Ong, L., Chong, C.: Information security awareness: an application of psychological factors–a study in Malaysia. In: Proceedings of the 2014 International Conference on Computer, Communications and Information Technology, pp. 98–101. Atlantis Press, Beijing, China (2014)
Alahmadi, B.A., Legg, P.A., Nurse, J.R.: Using internet activity profiling for insider-threat detection. In: International Conference on Enterprise Information Systems, vol. 2, pp. 709–20. SCITEPRESS, Barcelona, Spain (2015)
Nurse, J.R., et al.: Understanding insider threat: a framework for characterising attacks. In: IEEE Security and Privacy Workshops, pp. 214–28. IEEE, San Jose, California, USA (2014)
Johnston, A.C., Warkentin, M., McBride, M., Carter, L.: Dispositional and situational factors: influences on information security policy violations. Eur. J. Inf. Syst. 25(3), 231–251 (2016)
McBride, M., Carter, L., Warkentin, M.: Exploring the role of individual employee characteristics and personality on employee compliance with cybersecurity policies. RTI International-Institute for Homeland Security Solutions 5(1), (2012)
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)
Ifinedo, P.: Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput. Secur. 31(1), 83–95 (2012)
Ajzen, I.: The theory of planned behaviour: reactions and reflections. Psychol. Health 29(6), 1113–1127 (2011)
Van Gelder, J.-L., De Vries, R.E.: Traits and states: integrating personality and affect into a model of criminal decision making. Criminology 50(3), 637–671 (2012)
Ashton, M.C., Lee, K., De Vries, R.E.: The HEXACO Honesty-humility, agreeableness, and emotionality factors: a review of research and theory. Pers. Soc. Psychol. Rev. 18(2), 139–152 (2014)
Lee, K., Ashton, M.C.: Psychometric properties of the HEXACO personality inventory. Multivar. Behav. Res. 39(2), 329–358 (2004)
Ashton, M.C., Lee, K.: The HEXACO–60: a short measure of the major dimensions of personality. J. Pers. Assess. 91(4), 340–345 (2009)
Safa, N.S., et al.: Deterrence and prevention-based model to mitigate information security insider threats in organisations. Futur. Gener. Comput. Syst. 97, 587–597 (2019)
Singh, A.K., Singh, S., Singh, A.: Does trait predict psychological well-being among students of professional courses? J. Indian Acad. Appl. Psychol. 38(2), 234–241 (2012)
Hair, J.F., Black, W.C., Babin, B.J., Anderson, R.E.: Multivariate Data Analysis, 7th edn. Prentice Hall, Upper Saddle River, New Jersey (2010)
Mcleod, S.: Simply Psychology. https://www.simplypsychology.org/correlation.html (2020). Accessed 28 Sep 2021
van Winsen, B.: Determining secure digital behavior of individuals using hexaco personality traits. Erasmus School of Economics, MSc Thesis. Erasmus University Rotterdam, Netherlands (2020)
Shropshire, J., Warkentin, M., Sharma, S.: Personality, attitudes, and intentions: predicting initial adoption of information security behavior. Comput. Secur. 49, 177–191 (2015)
Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A.: Correlating human traits and cyber security behavior intentions. Comput. Secur. 73, 345–58 (2018)
van der Schyff, K., Flowerday, S.: Mediating effects of information security awareness. Comput. Secur. 106, 1–12 (2021)
Ashton, M.C., Lee, K.: Empirical, theoretical, and practical advantages of the HEXACO model of personality structure. Pers. Soc. Psychol. Rev. 11(2), 150–166 (2007)
Smith, R.D.: The Relationship between HEXACO Personality Traits and Cyberbullying Perpetrators and Victims. Doctor of Education. Liberty University, Lynchburg, Virginia (2016)
De Vries, R.E., Tybur, J.M., Pollet, T.V., van Vugt, M.: Evolution, situational affordances, and the HEXACO model of personality. Evol. Hum. Behav. 37(5), 407–421 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix A: Rotated Factor Loading
Appendix A: Rotated Factor Loading
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Padayachee, K. (2022). An Exploratory Factor Analysis of Personality Factors: An Insider Threat Perspective. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-12172-2_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-12171-5
Online ISBN: 978-3-031-12172-2
eBook Packages: Computer ScienceComputer Science (R0)