Factors that influence information security behavior: An australian web-based study

Abstract

Information Security professionals have been attempting to convince senior management for many years that humans represent a major risk to the security of an organization’s computer systems and the information that these systems process. This major threat relates to the behavior of employees whilst they are using a computer at work. This paper examines the non-malicious computer-based behavior and how it is influenced by a mixture of individual, organizational and interventional factors. The specific factors reported herein include an employee’s age; education level; ability to control impulsivity; familiarity with computers; and personality. This research utilized the Qualtrics online web-based survey software to develop and distribute a questionnaire that resulted in 500 valid responses. The major conclusions of this research are that an employee’s accidental-naive behavior is likely to be less risky if they are more conscientious; older; more agreeable; less impulsive; more open; and, surprisingly, less familiar with computers.