Show simple item record

dc.contributor.advisorSiponen, Mikko
dc.contributor.authorKinnunen, Sanna
dc.date.accessioned2016-06-29T08:54:56Z
dc.date.available2016-06-29T08:54:56Z
dc.date.issued2016
dc.identifier.otheroai:jykdok.linneanet.fi:1561437
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/50628
dc.description.abstractAim: The aim was to introduce new explanatory construct, namely illegitimate tasks from Stress-as-Offense-to-Self Theory (SOS), to better understand information security behavior (ISB). In addition, more commonly used constructs from Deterrence theory (DT) and Protection Motivation Theory (PMT) were used to explain ISB. This study also investigated several behaviors separately to evaluate the generalizability of the behavioral determinants. Methods: Four ISBs, namely general ISP compliance (ISP), not copying sensitive information to the unsecured USB drive (USB), locking or logging out from the computer (LOG), and not writing down passwords (PSW). Formal and informal sanctions from DT, threat and coping appraisal, as well as fear, from PMT, and illegitimate tasks from SOS were included as determinants of ISB. The survey method was used to data collection, and each participant answered to one behavior-specific questionnaire. There were 119 respondents to the ISP, 111 to the USB, 118 to the LOG, and 112 to the PSW questionnaires. 55,5% of the 460 participants were male, and 62,2% belonged to the age group of 20-30 years. Most of the participants (56,3%) had 1-7 years of work experience and they were technologically savvy. Confirmatory factor analysis and hierarchical linear regression analysis were used in the analyses, and analysis strategy was applied separately for each of the four ISBs. Results: DT, PMT, and SOS, as well as control variables, explained more than half of the variance (51,1-57,9%) in all of the behaviors, namely ISP, USB, LOG, and PSW. Illegitimate tasks had a relatively strong negative association with two of the ISBs indicating that they function as a determinant of ISB and should be considered in the future research of ISB. Illegitimate tasks also added explanatory power to the models containing sanctions from DT and appraisals from PMT. Illegitimate tasks were the strongest determinant of ISP and LOG. Although illegitimate tasks had a significant association with two of the ISBs, PMT contributed the most strongly to explaining different ISBs. Rewards and costs were the most prominent determinants of behavior and they also correlated highly with illegitimate tasks. This association can be theoretically explained and understood by SOS which addresses the effects of task evaluation on one’s selfimage and relationship with the organization one works at. Of the other constructs of PMT, fear and threat appraisal were significant predictors of LOG and USB, respectively, while response efficacy and self-efficacy predicted ISP. According to the findings of this study, sanctions from DT were not significant predictors of any of the ISBs. Conclusions: ISB has complex and multiple determinants that differ depending on the behavior in question. Findings related to a certain form of behavior are not necessarily generalizable to explaining other behaviors. This should be taken into account when planning research designs and practical procedures for information security management. Keywordsen
dc.format.extent1 verkkoaineisto (60 sivua)
dc.language.isoeng
dc.rightsJulkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.fi
dc.rightsThis publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.en
dc.subject.otherInformation security behavior
dc.subject.otherDeterrence Theory
dc.subject.otherProtection Motivation Theory
dc.subject.otherStress-as-Offense-to-Self Theory
dc.titleExploring determinants of different information security behaviors
dc.identifier.urnURN:NBN:fi:jyu-201606293374
dc.type.ontasotPro gradufi
dc.type.ontasotMaster's thesisen
dc.contributor.tiedekuntaInformaatioteknologian tiedekuntafi
dc.contributor.tiedekuntaFaculty of Information Technologyen
dc.contributor.laitosTietojenkäsittelytieteiden laitosfi
dc.contributor.laitosDepartment of Computer Science and Information Systemsen
dc.contributor.yliopistoUniversity of Jyväskyläen
dc.contributor.yliopistoJyväskylän yliopistofi
dc.contributor.oppiaineTietojärjestelmätiedefi
dc.date.updated2016-06-29T08:54:57Z
dc.rights.accesslevelopenAccessfi
dc.contributor.oppiainekoodi601
dc.subject.ysotietoturva
dc.subject.ysosuojautuminen


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record