Journal
INFORMATION SYSTEMS JOURNAL
Volume 31, Issue 3, Pages 429-472Publisher
WILEY
DOI: 10.1111/isj.12317
Keywords
contextual relevance; eye tracking; misplaced salience; phishing; security warning; situational information security awareness
Categories
Ask authors/readers for more resources
The study suggests that security-related behaviors are influenced by interactions between individuals and their perceptions of threatening situations. Past experience with phishing and security warnings increase awareness, while contextual relevance and misplaced salience of phishing emails decrease awareness.
Most contemporary studies on information security focus on largely static phenomena in examining security-related behaviours. We take a more dynamic, situational and interactionist approach that proposes that security-related behaviours result from an interaction between the person and the perception of a threatening situation. We derive and define situational information security awareness based on situation awareness literature, and examine how individual-level (innate traits, experience) and system-level factors (design variations, warning signal) influence awareness, and how it influences subsequent threat and coping appraisals, and ultimately security-related behaviours in a multi-method phishing experiment including eye tracking and survey components with 107 employees. The results underscore the importance of situational information security awareness and show that past experience with phishing and a security warning increase awareness, while phishing emails' contextual relevance and misplaced salience decrease awareness. Situational information security awareness, in turn, increases perceived threat and perceived coping efficacy and, ultimately, actual behavioural responses to phishing attacks.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available