IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v21y2019i2d10.1007_s10796-017-9755-1.html
   My bibliography  Save this article

The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats

Author

Listed:
  • Robert E. Crossler

    (Washington State University)

  • France Bélanger

    (Virginia Technology)

  • Dustin Ormond

    (Creighton University)

Abstract

Individuals can perform many different behaviors to protect themselves from computer security threats. Research, however, generally explores computer security behaviors in isolation, typically looking at one behavior per study, such as usage of malware or strong passwords. However, defense in depth requires that multiple behaviors be performed concurrently for one’s computer to be protected. Addressing this gap in prior research, this study measures 279 individuals’ computer security behaviors and analyzes them with multi-dimensional scaling. We examined three security threats: security related performance degradation, identify theft, and data loss. The results present a mapping of security behaviors performed together with other behaviors on two dimensions for each of these threats. Using expert reviews of the resulting dimensions, the study proposes that response efficacy and response cost help explain why people perform certain behaviors together. These findings can help explain inconsistent results in prior information security research because they focused on one behavior only whereas people perform various security behaviors together in an effort to mitigate specific security threats. The study informs research and practice by identifying security threat-response pairs via expert interviews, surveying individuals on how they perform multiple security behaviors concurrently to mitigate security threats, identifying why certain behaviors are performed together, and using these findings to identify reasons why IS security research has confounding results based on specific individual threat-response pairs used in prior studies.

Suggested Citation

  • Robert E. Crossler & France Bélanger & Dustin Ormond, 2019. "The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats," Information Systems Frontiers, Springer, vol. 21(2), pages 343-357, April.
    • Handle: RePEc:spr:infosf:v:21:y:2019:i:2:d:10.1007_s10796-017-9755-1
    DOI: 10.1007/s10796-017-9755-1
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-017-9755-1
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-017-9755-1?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Matthew Warren & Shona Leitch, 2010. "Hacker Taggers: A new type of hackers," Information Systems Frontiers, Springer, vol. 12(4), pages 425-431, September.
    2. Chang-Gyu Yang & Hee-Jun Lee, 2016. "A study on the antecedents of healthcare information protection intention," Information Systems Frontiers, Springer, vol. 18(2), pages 253-263, April.
    3. Ralph L. Keeney, 1999. "The Value of Internet Commerce to the Customer," Management Science, INFORMS, vol. 45(4), pages 533-542, April.
    4. J. Kruskal, 1964. "Multidimensional scaling by optimizing goodness of fit to a nonmetric hypothesis," Psychometrika, Springer;The Psychometric Society, vol. 29(1), pages 1-27, March.
    5. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    6. MinJae Lee & JinKyu Lee, 2012. "The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet," Information Systems Frontiers, Springer, vol. 14(2), pages 375-393, April.
    7. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Xin Huang & Fei Yan & Liqiang Zhang & Kai Wang, 2021. "HoneyGadget: A Deception Based Approach for Detecting Code Reuse Attacks," Information Systems Frontiers, Springer, vol. 23(2), pages 269-283, April.
    2. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    3. Obi M. Ogbanufe & Corey Baham, 2023. "Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret," Information Systems Frontiers, Springer, vol. 25(2), pages 897-916, April.
    4. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    2. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    3. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 0. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    4. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    5. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    6. Chulhwan Chris Bang, 2015. "Information systems frontiers: Keyword analysis and classification," Information Systems Frontiers, Springer, vol. 17(1), pages 217-237, February.
    7. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    8. Roger Shepard, 1974. "Representation of structure in similarity data: Problems and prospects," Psychometrika, Springer;The Psychometric Society, vol. 39(4), pages 373-421, December.
    9. Giovanna Boccuzzo & Licia Maron, 2017. "Proposal of a composite indicator of job quality based on a measure of weighted distances," Quality & Quantity: International Journal of Methodology, Springer, vol. 51(5), pages 2357-2374, September.
    10. Venugopal Gopalakrishna-Remani & Robert Paul Jones & Kerri M. Camp, 2019. "Levels of EMR Adoption in U.S. Hospitals: An Empirical Examination of Absorptive Capacity, Institutional Pressures, Top Management Beliefs, and Participation," Information Systems Frontiers, Springer, vol. 21(6), pages 1325-1344, December.
    11. René Riedl & Harald Kindermann & Andreas Auinger & Andrija Javor, 2012. "Technostress from a Neurobiological Perspective," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 4(2), pages 61-69, April.
    12. Jong-Seok Lee & Dan Zhu, 2012. "Shilling Attack Detection---A New Approach for a Trustworthy Recommender System," INFORMS Journal on Computing, INFORMS, vol. 24(1), pages 117-131, February.
    13. Jing Wang & Jay In Oh, 2023. "Factors Influencing Consumers’ Continuous Purchase Intentions on TikTok: An Examination from the Uses and Gratifications (U&G) Theory Perspective," Sustainability, MDPI, vol. 15(13), pages 1-19, June.
    14. Ján Kulfan & Lenka Sarvašová & Michal Parák & Marek Dzurenko & Peter Zach, 2018. "Can late flushing trees avoid attack by moth larvae in temperate forests?," Plant Protection Science, Czech Academy of Agricultural Sciences, vol. 54(4), pages 272-283.
    15. Ma, Jie & Tse, Ying Kei & Wang, Xiaojun & Zhang, Minhao, 2019. "Examining customer perception and behaviour through social media research – An empirical study of the United Airlines overbooking crisis," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 127(C), pages 192-205.
    16. Muñoz-Mas, Rafael & Vezza, Paolo & Alcaraz-Hernández, Juan Diego & Martínez-Capel, Francisco, 2016. "Risk of invasion predicted with support vector machines: A case study on northern pike (Esox Lucius, L.) and bleak (Alburnus alburnus, L.)," Ecological Modelling, Elsevier, vol. 342(C), pages 123-134.
    17. Ivan Mihál & Eva Luptáková & Martin Pavlík, 2021. "Wood-inhabiting macromycete communities in spruce stands on former agricultural land," Journal of Forest Science, Czech Academy of Agricultural Sciences, vol. 67(2), pages 51-65.
    18. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    19. Lea Sonderegger-Wakolbinger & Christian Stummer, 2015. "An agent-based simulation of customer multi-channel choice behavior," Central European Journal of Operations Research, Springer;Slovak Society for Operations Research;Hungarian Operational Research Society;Czech Society for Operations Research;Österr. Gesellschaft für Operations Research (ÖGOR);Slovenian Society Informatika - Section for Operational Research;Croatian Operational Research Society, vol. 23(2), pages 459-477, June.
    20. Venera Tomaselli, 1996. "Multivariate statistical techniques and sociological research," Quality & Quantity: International Journal of Methodology, Springer, vol. 30(3), pages 253-276, August.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:21:y:2019:i:2:d:10.1007_s10796-017-9755-1. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.