Use of Persuasive Technology to Change End-Users- IT Security Aware Behaviour: A Pilot Study
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 33090
Use of Persuasive Technology to Change End-Users- IT Security Aware Behaviour: A Pilot Study

Authors: Ai Cheo Yeo, Md. Mahbubur Rahim, Yin Ying Ren

Abstract:

Persuasive technology has been applied in marketing, health, environmental conservation, safety and other domains and is found to be quite effective in changing people-s attitude and behaviours. This research extends the application domains of persuasive technology to information security awareness and uses a theory-driven approach to evaluate the effectiveness of a web-based program developed based on the principles of persuasive technology to improve the information security awareness of end users. The findings confirm the existence of a very strong effect of the webbased program in raising users- attitude towards information security aware behavior. This finding is useful to the IT researchers and practitioners in developing appropriate and effective education strategies for improving the information security attitudes for endusers.

Keywords: Information security, persuasive technology, ITsecurity-aware behaviour, theory of planned behaviour survey.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1083939

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2405

References:


[1] Stanton, J. M., Kathryn R.S., Indira G. & Cavinda C., "Examining the linkage between organizational commitment and information security"-, in IEEE International Conference on Systems, Man and Cybernetics. pp: 2501-2506, 2003.
[2] Deloitte, ÔÇÿ2005 Global security survey-, Deloitte, available at: http://www.deloitte.com/dtt/cda/doc/content/2005%20Global%20Securit y%20Survey%281%29.pdf, 2005
[3] CIO, "CIO research reports", CIO, available at: http://www2.cio.com/research/surveyreport.cfm?id=93, 2005
[4] Straub D. W., "Effective IS security: an empirical study"-, Information System Research, Vol.1, No.2, pp:255-277, 1990.
[5] Straub, D. W. and Welke, R. J., "Coping with systems risk: Security planning models for management decision making", MIS Q, Vol.22, No. 4, pp: 441-469, 1998.
[6] Leach, J., "Improving user security behaviour", Computers and Security. Vol.22, No.8, pp: 685-692, 2003.
[7] AUSCERT, "2006 Australian Computer Crime and Security Survey", Available at: www.auscert.org.au, 2006
[8] Ajzen, I., and Fishbein, M. Understanding attitudes and predicting social behaviour, Englewood Cliffs, NJ: Prentic-Hall, 1980.
[9] Thomson, M. and R. von Solms, 1998, ÔÇÿInformation security awareness: educating your users effectively-, Information Management and computer security, Vol.6, No.4, pp: 167-173.
[10] Fogg B.J., Persuasive Technology: using computers to change what we think and do, Morgan Kaufmann Publishers, CA, 2003
[11] Fogg B.J., ÔÇÿPersuasive Computers: Perspectives and Research Directions-, CHI98 Conference of ACM (CA: ACM Press, 1998), pp: 225-232.
[12] Fogg B.J. and Clifford Nass, ÔÇÿHow users reciprocate to computers: an experiment that demonstrates behaviour change-, in Extended Abstracts of the CHI97 Conference of the ACM/SIGCHI (New York: ACM Press, 1997), pp: 331-332.
[13] Lapolla, N.A. and Salvucci, A., ÔÇÿEvaluation of a Youth Driving Simulator Program-, available at: http://apha.confex.com/apha/128am/techprogram/paper_13286.htm, 2000.
[14] Lenert L, Mu├▒oz RF, Stoddard J, Delucchi K, Bansod A, Skoczen S, Pérez-Stable EJ., ÔÇÿDesign and Pilot Evaluation of an Internet smoking cessation program-, J AM Med Inform Assoc., 10 (1), pp:16-20, 2003.
[15] Ajzen, I.´╝îÔÇÿThe theory of planned behaviour-, Organizational Behaviour and Human Decision Processes, 50, 179-211, 1991.
[16] Siponen, M. T., ÔÇÿA conceptual foundation for organizational information security awareness-, Information Management and Computer Security, Vol.8, No.1, pp: 31-41, 2000.
[17] IJsselsteijn, W.A., de Kort, Y.A.W., Midden, C., Eggen, B., and van den Hoven, E., ÔÇÿPersuasive technology for human well-being: setting the scene-, Persuasive 06 Eindhoven: Springer, 2006
[18] Chau, P., ÔÇÿAn empirical assessment of a modified technology acceptance model-, Journal of Management Information Systems, Vol.13 No. 2, pp: 185-205, 1996.
[19] Mathieson, K., ÔÇÿPredicting user intentions: comparing the technology acceptance model with the theory of planned behaviour-, Information System Research, Vol. 3, No. 2, pp: 173-191, 1991.
[20] Chan, D.K.-S., and Fishbein, M. , 1993, ÔÇÿDeterminants of college women-s intentions to tell their partners to use condoms-, Journal of Applied Social Psychology, 23, pp: 1445-1470.
[21] Libbus, K., ÔÇÿWomen-s beliefs concerning condom acquisition and use-, Public Health Nursing, 12, pp: 341-347, 1995.
[22] Reinecke, J., Schmidt, P., and Ajzen, I., ÔÇÿApplication of the theory of planned behaviour to adolescents- condom use: A panel study-, Journal of Applied Social Psychology, 26, pp: 749-772, 1996.
[23] Ajzen, I.,and Madden, T. J., ÔÇÿPrediction of goal-directed behaviour: Attitudes, intentions, and perceived behavioural control-, Journal of Experimental Social Psychology, 22, pp: 453-474, 1986.
[24] Prislin, R.,andKovrlija, N., ÔÇÿPredicting behaviour of high and lowselfmonitors: an application of the theory of planned behaviour-, Psychological Reports, 70, pp:1131-1138, 1992.
[25] Ajzen, I., and Driver, B. E., ÔÇÿApplication of the theory of planned behaviour to leisure choice-, Journal of Leisure Research, 24, pp:207- 224, 1992
[26] Godin, G.,Valois, P. and Lepage, L., ÔÇÿThe pattern of influence of perceived behavioural control upon exercising behaviour: an application of Ajzen-s theory of planned behaviour-, Journal of Behavioural Medicine, 16, pp: 81-102, 1993.
[27] Theodorakis, Y., ÔÇÿPlanned behaviour, attitude strength, role identity, and the prediction of exercise behaviour-, The Sport Psychologist, 8, pp:149- 165, 1994
[28] Valois, P., Turgeon, H., Godin, G., Blondeau, D., and Cote, F., ÔÇÿInfluence of a persuasive strategy on nursing students- beliefs and attitudes toward provision of care to people living with HIV/AIDS-, Journal of Nursing Education, 40, pp: 354-358, 2001.
[29] Quine, L., Rutter D. R. and Arnold L., ÔÇÿPersuading school-age cyclists to use safety helmets: effectiveness of an intervention based on the theory of planned behaviour-, British Journal of Health Psychology, 6, pp: 327- 345, 2001.
[30] Gehringer, E.F. "Choosing Passwords: Security and Human Factors", International Symposium on Technology and Society, ISTAS-02, pp 369-373, 2002.
[31] Microsoft 2006. "Strong Passwords: How to Create and Use Them." Retrieved 29 August, 2006 from http://www.microsoft.com/athome/security/privacy/ password.mspx
[32] Monash University "Unwanted/Unsolicited Email or Spam." Retrieved 25 August, 2006 from http://www.its.monash.edu.au/staff/email/spam/, 2006a
[33] Monash University 2006b. "Beware of Malicious Emails and Web Pages." Retrieved 25 August, 2006 from http://www.its.monash.edu.au/staff/security/staff-only/home/emails.html
[34] Zviran, M., and Haga, W.J. "Password Security: An Empirical Study,", Journal of Management Information Systems, (15:4), pp 161-185, 1999.
[35] Lyman J. "Spam Costs $20 Billion Each Year in Lost Productivity", Retrieved 3 November, 2006 from http://www.linuxinsider.com/story/32478.html, 2003.
[36] CERT "Email Bombing and Spamming." Retrieved 6 November, 2006, from http://www.cert.org/tech_tips/email_bombing_spamming.html, 2002.
[37] O- Reilly, D. "10-step Security." Retrieved 29 August, 2006 from http://www.pcworld.com/article/id,122500-page,1/article.html, 2005.
[38] University of California. "Email Safety Tips." Retrieved 11 June, 2008 from http://www.security.uci.edu/email/, 2006.
[39] OECD Report "Malicious Software (Malware): A security threat to the internet economy", Ministerial Background Report, Seoul, Korea, 17-18 June., 2008.
[40] CAIDA "CAIDA Analysis of Code-Red." Retrieved 25 October, 2006, from http://www.caida.org/analysis/security/code-red/, 2006
[41] CSI 2005. "2005 CSI/FBI Computer Crime and Security Survey." Retrieved 3 December, 2006 from http://www.cpppe.umd.edu/Bookstore/Documents/2005CSISurvey.pdf
[42] Plous S., The Psychology of Judgment and Decision Making, McGraw- Hill, New York, 1993.
[43] Ajzen, I, ÔÇÿConstructing a TPB Questionnaire: conceptual and methodological considerations-, available at: http://people.umass.edu/aizen/pdf/tpb.measurement.pdf, 2002.