Please use this identifier to cite or link to this item:
Type: Conference paper
Title: Naïve and accidental behaviours that compromise information security: what the experts think
Author: Calic, D.
Pattinson, M.
Parsons, K.
Butavicius, M.
McCormac, A.
Citation: Proceedings of the 10th International Symposium on Human Aspects of Information Security & Assurance, 2016 / Clarke, N., Furnell, S. (ed./s), pp.12-21
Publisher: Plymouth University
Issue Date: 2016
ISBN: 9781841024134
Conference Name: 10th International Symposium on Human Aspects of Information Security & Assurance (HAISA) (19 Jul 2016 - 21 Jul 2016 : Frankfurt, Germany)
Editor: Clarke, N.
Furnell, S.
Statement of
Dragana Calic, Malcolm Pattinson, Kathryn Parsons, Marcus Butavicius, Agata McCormac
Abstract: The aim of the present study was twofold. First it aimed to elicit Information Security (InfoSec) experts’ perceptions about the most important naïve and accidental behaviours that could compromise the InfoSec of an organisation. The second aim was to use these findings to assess the relevance of behaviours that are currently measured by the Human Aspects of Information Security Questionnaire (HAIS-Q), with the intention to further validate the instrument. We employed a qualitative, focus group data collection approach, which enabled rich discussion with InfoSec experts. Fifteen InfoSec experts were asked: “What naïve and accidental behaviours could compromise the information security of an organisation?” They brainstormed, discussed and rated the most important behaviours. According to these experts, the three most important behaviours were sharing passwords, not considering the consequences of Social Media (SM), and oversharing information on SM. It was also found that, of the eleven most important behaviours, rated by the InfoSec experts, eight were part of the HAIS-Q. Furthermore, discussions emphasised the notion of human naivety, lending support to the focus on naïve and accidental behaviours. Finally, our findings demonstrate that behaviours measured by the HAIS-Q are relevant, providing validation for the HAIS-Q.
Keywords: Information Security (InfoSec); InfoSec Behaviour; Human Aspects of Information Security Questionnaire (HAIS-Q); InfoSec Experts; Cyber Security
Rights: © 2016 Plymouth Univeristy. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means - electronic, mechanical, photocopy, recording or otherwise, without the prior written permission of the publisher or distributor
Published version:
Appears in Collections:Aurora harvest 7
Psychology publications

Files in This Item:
There are no files associated with this item.

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.