nach oben

International Journal of Information Security

Erschienen in:

24.11.2022 | Regular Contribution

How education level influences internet security knowledge, behaviour, and attitude: a comparison among undergraduates, postgraduates and working graduates

verfasst von: Qin An, Wilson Cheong Hin Hong, XiaoShu Xu, Yunfeng Zhang, Kimberly Kolletar-Zhu

Erschienen in: International Journal of Information Security | Ausgabe 2/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

During the pandemic, the prevailing online learning has brought tremendous benefits to the education field. However, it has also become a target for cybercriminals. Cybersecurity awareness (CSA) or Internet security awareness in the education sector turns out to be critical to mitigating cybersecurity risks. However, previous research indicated that using education level alone to judge CSA level received inconsistent results. This study postulated Social Educational Level (SEL) as a moderator with an extended Knowledge-Attitude-Behaviour model, used students’ year level as a proxy for the impact of education level, and used work exposure for the influence of social education level, to compare CSA among undergraduates, postgraduates and working graduates. The participants in the study were divided into six groups, namely year 1 university students, year 2-3university students, final-year students, postgraduate students, young working graduates, and experienced working graduates. The Human Aspects of Information Security Questionnaire was used to conduct a large-scale survey. The multivariate regression model analysis showed significant differences among the knowledge, attitude and behaviour dimensions across groups with different conditions of year-level and work exposure. However, it was found that SEL played a more significant role than an individual’s education level. The study suggested that a greater endeavour be committed to educating the public at large together with individuals, institutes, corporate and governments to improve the national CSA level.

Nächster Artikel Adversarial security mitigations of mmWave beamforming prediction models using defensive distillation and adversarial retraining

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44, 606–622 (2015). https://doi.org/10.1108/k-12-2014-0283CrossRef

Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50, 179–211 (1991). https://doi.org/10.1016/0749-5978(91)90020-tCrossRef

Rogers, E.M.: Diffusion of Innovations. Free Press, New York (2003)

Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Comput. Secur. 25, 289–296 (2006). https://doi.org/10.1016/j.cose.2006.02.008CrossRef

McCormac, A., Calic, D., Butavicius, M., Parsons, K., Zwaans, T., Pattinson, M.: A reliable measure of information security awareness and the identification of bias in responses. Australas. J. Inf. Syst. (2017). https://doi.org/10.3127/ajis.v21i0.1697CrossRef

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C.: Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014). https://doi.org/10.1016/j.cose.2013.12.003CrossRef

Hong, W.C.H., Chi, C., Liu, J., Zhang, Y., Lei, V.N.-L., Xu, X.: The influence of social education level on cybersecurity awareness and behaviour: a comparative study of university students and working graduates. Educ. Inf. Technol. (2022). https://doi.org/10.1007/s10639-022-11121-5CrossRef

Ulven, J.B., Wangen, G.: A systematic review of cybersecurity risks in higher education. Future Internet 13, 39 (2021). https://doi.org/10.3390/fi13020039CrossRef

Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88, 101640 (2020). https://doi.org/10.1016/j.cose.2019.101640CrossRef

10.

Li, Y.-L., Li, Y., Li, A.: A study on college students’ internet information ethics cognition and influencing factors [大学生网络信息伦理认知与影响因素研究]. Inf. Doc. Work 35, 10–16 (2014)

11.

Huang, X., He, W., Hua, C., Shang, Y.: The Statistical Analysis about Status and Influencing Factors of University Students’ Safety Accidents. Statistical and Application [高校学生安全事故发生状况及其影响因素的统计分析]. 3, 57–67 (2014). https://doi.org/10.12677/sa.2014.32009

12.

Elkhannoubi, H., & Belaissaoui, M.: Assess developing countries’ cybersecurity capabilities through a social influence strategy. In: 2016 7th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT) pp.19–23 IEEE. (2016). https://doi.org/10.1109/SETIT.2016.7939834

13.

Fishbein, M., Ajzen, I.: Belief, attitude, intention, and behavior: an Introduction to Theory and Research. Addison-Wesley Pub. Co, Reading, Mass. (1975)

14.

Vance, A.: Why Do Employees Violate Is Security policies?: Insights from Multiple Theoretical Perspectives, http://urn.fi/urn:isbn:9789514262876

15.

Ng, B.-Y., Kankanhalli, A., Xu, Y.: (Calvin): studying users’ computer security behavior: a health belief perspective. Decis. Support Syst. 46, 815–825 (2009). https://doi.org/10.1016/j.dss.2008.11.010CrossRef

16.

Fan, J., Zhang, P.: Study on e-government Information Misuse Based on General Deterrence Theory. In: ICSSSM11. pp. 1–6. IEEE Institute of Electrical & Electronic Engineers (2011)

17.

Mathieson, K.: Predicting user intentions: comparing the technology acceptance model with the theory of planned behaviour. Inf. Syst. Res. 2, 173–191 (1991). https://doi.org/10.1287/isre.2.3.173CrossRef

18.

Siponen, M.T.: A conceptual foundation for organizational information security awareness. Inf. Manag. Comput. Secur. 8, 31–41 (2000). https://doi.org/10.1108/09685220010371394CrossRef

19.

Heirman, W., Walrave, M., Vermeulen, A., Ponnet, K., Vandebosch, H., Hardies, K.: Applying the theory of planned behavior to adolescents’ acceptance of online friendship requests sent by strangers. Telemat. Inform. 33, 1119–1129 (2016). https://doi.org/10.1016/j.tele.2016.01.002CrossRef

20.

Chandarman, R., Van Niekerk, B.: Students’ cybersecurity awareness at a private tertiary educational institution. Afr. J. Inf. Commun. (2017). https://doi.org/10.23962/10539/23572CrossRef

21.

Ifinedo, P.: Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput. Secur. 31, 83–95 (2012). https://doi.org/10.1016/j.cose.2011.10.007CrossRef

22.

Anderson, C., Agarwal, R.: Practicing safe computing: a multimethod empirical examination of home computer user security behavioral intentions. MIS Q. 34, 613 (2010). https://doi.org/10.2307/25750694CrossRef

23.

Chen, Y., Zahedi, F.M.: Individuals’ internet security perceptions and behaviors: polycontextual contrasts between the United States and China. MIS Q. 40, 205–222 (2016). https://doi.org/10.25300/misq/2016/40.1.09CrossRef

24.

Warkentin, M., Johnston, A.C., Shropshire, J., Barnett, W.D.: Continuance of protective security behavior: a longitudinal study. Decis. Support Syst. 92, 25–35 (2016). https://doi.org/10.1016/j.dss.2016.09.013CrossRef

25.

Herath, T., Rao, H.R.: Protection motivation and deterrence: a framework for security policy compliance in organisations. Eur. J. Inf. Syst. 18, 106–125 (2009). https://doi.org/10.1057/ejis.2009.6CrossRef

26.

Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 47, 154–165 (2009). https://doi.org/10.1016/j.dss.2009.02.005CrossRef

27.

Roberts, S.A.: Exploring the Relationships between User Cybersecurity Knowledge, Cybersecurity and Cybercrime Attitudes, and Online Risky Behaviors, https://www.proquest.com/openview/c1c31d84698165e5843133986323a773/1.pdf?pq-origsite=gscholar&cbl=18750&diss=y, (2021)

28.

De-Graft Aikins, A., Boynton, P., Atanga, L.L.: Developing effective chronic disease interventions in Africa: insights from Ghana and Cameroon. Glob. Health (2010). https://doi.org/10.1186/1744-8603-6-6CrossRef

29.

Schrader, P.G., Lawless, K.A.: The knowledge, attitudes, & behaviors approach how to evaluate performance and learning in complex environments. Perform. Improv. 43, 8–15 (2004). https://doi.org/10.1002/pfi.4140430905CrossRef

30.

Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017). https://doi.org/10.1016/j.cose.2017.01.004CrossRef

31.

Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł, Cetin, F., Basim, H.N.: Cyber security awareness, knowledge and behavior: a comparative study. J. Comput. Inf. Syst. 62, 1–16 (2020). https://doi.org/10.1080/08874417.2020.1712269CrossRef

32.

Worsley, A.: Nutrition knowledge and food consumption: can nutrition knowledge change food behaviour? Asia Pac. J. Clin. Nutr. 11, S579–S585 (2002). https://doi.org/10.1046/j.1440-6047.11.supp3.7.xCrossRef

33.

Parsons, K., McCormac, A., Pattinson, M.R., Butavicius, M.A., Jerram, C.: An Analysis of Information Security Vulnerabilities at Three Australian Government Organisations, In Furnell, S. M., Clarke, N. L. & Katos, V (Eds). Proceedings of the European Information Security Multi-Conference (EISMC 2013). 34–44 (2013)

34.

McCormac, A., Calic, D., Parsons, K., Butavicius, M., Pattinson, M., Lillie, M.: The effect of resilience and job stress on information security awareness. Inf. Comput. Secur. 26, 277–289 (2018). https://doi.org/10.1108/ics-03-2018-0032CrossRef

35.

Bostan, A., Akman, I.: Impact of Education on Security Practices in ICT. Tehnicki Vjesnik—Technical Gazette. 22, 161–168 (2015). https://doi.org/10.17559/tv-20140403122930

36.

Brilingaitė, A., Bukauskas, L., Juozapavičius, A.: A framework for competence development and assessment in hybrid cybersecurity exercises. Comput. Secur. 88, 101607 (2020). https://doi.org/10.1016/j.cose.2019.101607CrossRef

37.

Pattinson, M., Butavicius, M., Parsons, K., McCormac, A., Calic, D.: Managing information security awareness at an Australian bank: a comparative study. Inf. Comput. Secur. 25, 181–189 (2017). https://doi.org/10.1108/ics-03-2017-0017CrossRef

38.

Shropshire, J., Warkentin, M., Sharma, S.: Personality, attitudes, and intentions: predicting initial adoption of information security behavior. Comput. Secur. 49, 177–191 (2015). https://doi.org/10.1016/j.cose.2015.01.002CrossRef

39.

Hadlington, L., Parsons, K.: Can cyberloafing and internet addiction affect organizational information security? Cyberpsychol. Behav. Soc. Netw. 20, 567–571 (2017). https://doi.org/10.1089/cyber.2017.0239CrossRef

40.

Chaudhary, S., Zhao, Y., Berki, E., Valtanen, J., Li, L., Helenius, M., Mystakidis, S.: A cross-cultural and gender-based perspective for online security: exploring knowledge, skills and attitudes of higher education students. IADIS Int. J. WWW/Internet 13, 57–71 (2015)

41.

Cain, A.A., Edwards, M.E., Still, J.D.: An exploratory study of cyber hygiene behaviors and knowledge. J. Inf. Secur. Appl. 42, 36–45 (2018). https://doi.org/10.1016/j.jisa.2018.08.002CrossRef

42.

Choi, M., Levy, Y., & Anat, H.: The Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills Influence on Computer Misuse. In Proceedings of the Eighth Pre-ICIS Workshop on Information Security and Privacy. 1. December (2013)

43.

Brilingaitė, A., Bukauskas, L., Juozapavičius, A.: A framework for competence developmentand assessment in hybrid cybersecurity exercises. Comput. Secur. 88, 1–13 (2020). https://doi.org/10.1016/j.cose.2019.101607CrossRef

44.

Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J.: Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems pp. 373–382 (2010)

45.

Das, S.: Social cybersecurity: understanding and leveraging social influence to increase security sensitivity. It-inf. Technol 58(5), 237–245 (2016). https://doi.org/10.1515/itit-2016-0008CrossRef

46.

Rader, E., Wash, R., & Brooks, B.: Stories as informal lessons about security. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–17 (2012). https://doi.org/10.1145/2335356.2335364

47.

Kam, H.-J., Mattson, T., Goel, S.: A cross industry study of institutional pressures on organizational effort to raise information security awareness. Inf. Syst. Front. 22, 1241–1264 (2020). https://doi.org/10.1007/s10796-019-09927-9CrossRef

48.

Watson, H., Moju-Igbene, E., Kumari, A., Das, S.: “We Hold Each Other Accountable”: unpacking How Social Groups Approach Cybersecurity and Privacy Together. Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. (2020). https://doi.org/10.1145/3313831.3376605

49.

United Nations Development Programme. Human Development Report 2020—The next frontier:Human Development and the Anthropocene. (2020). http://hdr.undp.org/sites/default/files/hdr2020.pdf. Accessed 12 July 2021

50.

National Bureau of Statistics of China. 2020 China statistical yearbook. China Statistics Press. (2021). http://www.stats.gov.cn/tjsj/ndsj/2020/indexeh.htm. Accessed 2 Aug 2021

51.

Aivazpour, Z., Rao, V.S.: (Chino): information disclosure and privacy paradox. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 51, 14–36 (2020). https://doi.org/10.1145/3380799.3380803CrossRef

52.

Lipsitz, S.R., Parzen, M.: Sample size calculations for non-randomized studies. Statistician 44, 81 (1995). https://doi.org/10.2307/2348619CrossRef

53.

Mei, B., Brown, G.T.L.: Conducting online surveys in China. Soc. Sci. Comput. Rev. 36, 721–734 (2017). https://doi.org/10.1177/0894439317729340CrossRef

54.

Razali, N.M., Wah, Y.B.: Power comparisons of Shapiro-Wilk, Kolmogorov-Smirnov, Lilliefors and Anderson-Darling tests. J. Stat. Model. Anal. 2, 21–33 (2011)

55.

Jin, R.: Discussion on the Teaching Reform of Computer Fundamental Course for non-computer Majors in Applied Universities [应用型本科院校非计算机专业《计算机基础》教学改革探讨]. Fujian Comput. 10, 174–175 (2018). https://doi.org/10.16707/j.cnki.fjpc.2018.10.088

56.

Chen, S.: Research on VC + + Curriculum Construction for Non-computer Major Postgraduate Students [非计算机专业研究生 VC + +课程建设研究]. J. Lanzhou Inst. Educ. 35, 80–81, 145 (2019)

57.

A. Farooq, J. Isoaho, S. Virtanen and J. Isoaho, "Information security awareness in educational institution: an analysis of students' individual factors," IEEE Trustcom/BigDataSE/ISPA, 2015, pp. 352–359 (2015) https://doi.org/10.1109/Trustcom.2015.394

58.

Alqahtani, M.A.: Cybersecurity awareness based on software and e-mail security with statistical analysis. Comput. Intell. Neurosci. (2022). https://doi.org/10.1155/2022/6775980CrossRef

59.

Mutunhu, B., Dube, S., Ncube, N., & Sibanda, S.: Cyber Security Awareness and Education Framework for Zimbabwe Universities: A Case of National University of Science and Technology. Proceedings of the International Conference on Industrial Engineering and Operations Management Nsukka, Nigeria, 5–7 April, 2022

60.

Moallem, A.: Cyber security awareness among college students. In International conference on applied human factors and ergonomics, pp. 79–87. Springer, New York (2018) https://doi.org/10.1007/978-3-319-94782-2_8

61.

Li, Y.-L., Li, Y., & Li, A. A study on college Students’ internet information ethics cognition and influencing factors [大学生网络信息伦理认知与影响因素研究]. Information and Documentation Work, 35(2), 10–16 (2014). http://qbzl.ruc.edu.cn/EN/abstract/abstract669.shtml Accessed 10 June 2022

62.

Sun, W.: Investigation of Safety Consciousness of University Students in Dalian City [大连市大学生网络安全意识调查研究]., (2018)

63.

Berki, E., Kandel, C., Zhao, Y., Chaudhary, S.: Comparative study of cyber-security knowledge in higher education institutes of five countries. Educ. Comput. Sci. (2017). https://doi.org/10.21125/edulearn.2017.1591CrossRef

64.

Senali, M. G., Cripps, H., Meek, S., & Ryan, M. M.: A comparison of Australians, Chinese and Sri Lankans' payment preference at point-of-sale. Market. Intell. Plan. 40(1), 18–32 (2021). https://doi.org/10.1108/MIP-07-2021-0235

65.

Mezzour, G., Carley, K.M., Carley, L.R.: An empirical study of global malware encounters. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security. ACM, p. 8, (2015)

66.

Gantz, J.F., Vavra, T., Lim, V.: Unlicensed Software and Cybersecurity Threats, BSA- The Software Alliance, January (2015)

67.

Zhao, J., Xu, F.: The state of ICT education in China: a literature review. Front. Educ. China 5, 50–73 (2010). https://doi.org/10.1007/s11516-010-0006-1CrossRef

Titel: How education level influences internet security knowledge, behaviour, and attitude: a comparison among undergraduates, postgraduates and working graduates
verfasst von: Qin An
Wilson Cheong Hin Hong
XiaoShu Xu
Yunfeng Zhang
Kimberly Kolletar-Zhu
Publikationsdatum: 24.11.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 2/2023
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-022-00637-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2023

Trends in publishing blockchain surveys: a bibliometric perspective

A simple and secure user authentication scheme using Map Street View with usability analysis based on ISO/IEC 25022

Defense against membership inference attack in graph neural networks through graph perturbation

An intrusion detection approach based on incremental long short-term memory

Design and analysis of DDoS mitigating network architecture

SealFSv2: combining storage-based and ratcheting for tamper-evident logging

Premium Partner