Review on the Research Status and Development Trends of Information Security Behavior
Received date: 2014-10-27
Revised date: 2014-12-05
Online published: 2014-12-20
Information security behavior research is an important branch of information systems and a constituent part of information security practice; it addresses individual behavior in protecting information and information system assets. Based on a literature review, this paper finds that current research focuses on the following four aspects: the individual user's information security behavior, information technology intruder behavior, policy compliance behavior, and information security culture in the organization. In the future, research on individual security behavior that is independent of organizational context should be deepened, interdisciplinary research methods should be used, samples should be more realistic and diversified, and research content should be richer, so as to build a safe information environment for organizations.
Li Jing. Review on the Research Status and Development Trends of Information Security Behavior[J]. Library and Information Service, 2014, 58(24): 126-130, 137. DOI: 10.13266/j.issn.0252-3116.2014.24.020