dc.contributor.advisor |
Hooper, Val |
|
dc.contributor.author |
Blunt, Christian |
|
dc.date.accessioned |
2011-08-31T22:05:16Z |
|
dc.date.accessioned |
2022-10-30T20:37:11Z |
|
dc.date.available |
2011-08-31T22:05:16Z |
|
dc.date.available |
2022-10-30T20:37:11Z |
|
dc.date.copyright |
2011 |
|
dc.date.issued |
2011 |
|
dc.identifier.uri |
https://ir.wgtn.ac.nz/handle/123456789/26143 |
|
dc.description.abstract |
Human error is a significant contributing factor in information security incidents. Therefore it is important for academics and practitioners to perform research into the factors that lead to the introduction of errors and to identify methods of reducing or eliminating them.
This research draws on human error theory and health-behaviour models to understand the factors that may influence the information security behaviours of IT employees. Specifically it sets out to identify what influences their intention to comply with, or violate, the information security behaviours required by their organisations. This research is important as IT employees are responsible for the commissioning, management and maintenance of information systems, and errors (in the form of violations) made by them can dramatically reduce the effectiveness of the controls in place to reduce the likelihood and/or impact of an information security incident occurring.
It defines and empirically tests a research model which explores the information security behaviours of IT employees and introduces the constructs of previous experience and the ability to choose. This research theorises that ability to choose separates the information security behaviours of IT employees from those of end users.
The research identifies that there is a relationship between response costs (the perceived inconvenience of performing the behaviour), response efficacy (the confidence that the behaviour is practical, efficient and effective at delivering the required outcomes), cues to action (the use of security policies and procedures, awareness campaigns and training to influence behaviour), detection (the threat of detection of non-compliant behaviour and the embarrassment associated with it being discovered), ability to choose (the capability to choose whether or not to perform the behaviour), self-efficacy (the belief that they have the necessary skills and are capable of performing the behaviour) and IT employees’ intention to perform the information security behaviours required by their organisations.
The results support the theory that there is a distinction to be made between the information security behaviours of IT employees and those of end users. As a result, academics and practitioners need to consider ability to choose (volitional control) as a factor when performing research into information security behaviours. |
en_NZ |
dc.format |
pdf |
en_NZ |
dc.language |
en_NZ |
|
dc.language.iso |
en_NZ |
|
dc.publisher |
Te Herenga Waka—Victoria University of Wellington |
en_NZ |
dc.subject |
Information security |
en_NZ |
dc.subject |
Violations |
en_NZ |
dc.subject |
Behaviour |
en_NZ |
dc.title |
Unsafe Acts: Factors Influencing the Information Security Behaviours of IT Employees |
en_NZ |
dc.type |
Text |
en_NZ |
vuwschema.contributor.unit |
School of Information Management |
en_NZ |
vuwschema.subject.marsden |
289900 Other Information, Computing and Communication Sciences |
en_NZ |
vuwschema.type.vuw |
Masters Research Paper or Project |
en_NZ |
thesis.degree.discipline |
Information Systems |
en_NZ |
thesis.degree.grantor |
Te Herenga Waka—Victoria University of Wellington |
en_NZ |
thesis.degree.name |
Master of Information Management |
en_NZ |