Organizations face an onslaught of threats to their mission-critical data. While organizations continue to increase their investment in cybersecurity, user awareness, and Information Security Policy (ISP) mitigations, the employee represents the greatest threat to sensitive data loss. Understanding the linkage between a user’s Information Security Awareness (ISA) knowledge, their attitudes toward cybersecurity and cybercrime, and their risky online behaviors are critical to more effective cybersecurity investments. Therefore, the purpose of this quantitative, correlational study was to better understand linkages between the internal user’s information security awareness knowledge, attitudes toward cybersecurity and cybercrime, and their risky online behaviors. This research was completed online with 210 fully screened US working adults that utilized corporate information technology assets and were aware of their organization’s ISP. The Human Aspects of Information Security Questionnaire (HAIS-Q) was used to capture the ISA knowledge score, the Attitudes Toward Cybersecurity in Business (ATC-IB) was used to capture the attitude score, and the Risky Cybersecurity Behaviors Scale (RScB) was used to capture the behaviors score of each respondent. This study’s findings answered the research questions, added to the Knowledge, Attitudes, and Behaviors (KAB) research methodology, and showed strong correlations between the respondent’s ISA knowledge, attitudes toward cybersecurity and cybercrime, and risky online behaviors. A high statistically significant correlation was found between the knowledge (HAIS-Q) and attitudes (ATC-IB) scores (r = 0.65, p < .001). There was a large statistically significant negative correlation between the knowledge (HAIS-Q) and behaviors (RScB) scores (r = -0.74, p < .001). Finally, there was a large statistically significant negative correlation between scores on the attitudes (ATC-IB) and behaviors (RScB) (r = -0.73, p < .001). These findings show direct and high levels of significant correlations between the KAB triad components. As employee ISA knowledge improves, their attitude toward cybersecurity also improves. If either the employee knowledge or attitudes toward cybersecurity are improved, their risky online behaviors are significantly reduced. These findings indicate that investments and managerial emphasis on enhancing the employee’s ISA knowledge, attitudes, and behaviors can substantially lessen the organizational user cybersecurity risk.
|Commitee:||Appunn, Frank, Bouvin, David|
|Department:||School of Business and Technology Management|
|School Location:||United States -- California|
|Source:||DAI-A 82/9(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Information science, Criminology|
|Keywords:||Insider threat, Online behaviors, Policy Noncompliance, Cybersecurity, Cybercrime, Information Security Awareness, Risky Cybersecurity Behaviors Scale|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be