Open access repository

Home Open access repository

In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

» Openaccess proceedings » Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)

Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)

Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Frankfurt, Germany, July 19-21, 2016
ISBN: 978-1-84102-413-4

Title: Naïve and Accidental Behaviours that Compromise Information Security: What the Experts Think
Author(s): Dragana Calic, Malcolm Pattinson, Kathryn Parsons, Marcus Butavicius, Agata McCormac
Reference: pp12-21
Keywords: Information security (InfoSec), InfoSec behaviour, Human Aspects of Information Security Questionnaire (HAIS-Q), InfoSec experts, Cyber security
Abstract: The aim of the present study was twofold. First it aimed to elicit Information Security (InfoSec) experts’ perceptions about the most important naïve and accidental behaviours that could compromise the InfoSec of an organisation. The second aim was to use these findings to assess the relevance of behaviours that are currently measured by the Human Aspects of Information Security Questionnaire (HAIS-Q), with the intention to further validate the instrument. We employed a qualitative, focus group data collection approach, which enabled rich discussion with InfoSec experts. Fifteen InfoSec experts were asked: “What naïve and accidental behaviours could compromise the information security of an organisation?” They brainstormed, discussed and rated the most important behaviours. According to these experts, the three most important behaviours were sharing passwords, not considering the consequences of Social Media (SM), and oversharing information on SM. It was also found that, of the eleven most important behaviours, rated by the InfoSec experts, eight were part of the HAIS-Q. Furthermore, discussions emphasised the notion of human naivety, lending support to the focus on naïve and accidental behaviours. Finally, our findings demonstrate that behaviours measured by the HAIS-Q are relevant, providing validation for the HAIS-Q.
Download count: 964

How to get this paper:

Download a free PDF copy of this paperBuy this book at Lulu.com

PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.