An empirical study on information security behaviors and awareness

Abstract

In this chapter, we investigate some key factors which have effects on employees’ behaviors in violating rules which are related to information leaks given the condition that the behaviors are totally prohibited by their organization. By using collected data from a survey that we conducted, and employing a stepwise logit model, we analyze the relationships above. The primary results are as follows: First of all, myopic cognition and hyperopic cognition measured by the CFC scale have effects on the behaviors of violating organizational rules in almost all cases. Next, in many cases, individuals whose information security awareness is higher tend not to violate the rules. Third, the behavior of violating the rules is independent of the size of the organization, and is not related to the degree of workplace satisfaction and the evaluation toward the managers in some cases. Fourth, in an organization in which permanent employment is implemented, individuals tend to violate the rules. It is not easy to control psychological factors such as an individual’s attitude toward risk. Conversely, the factors regarded as organizational attributes, such as the degree of workplace satisfaction or the employment system utilized, may be controlled by designing the appropriate organizational environment. Consequently, we consider that it may be effective to improve information security awareness by information security education and training.