Information Resources Management Journal
With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their respective installed pool of applications. Furthermore, by virtue of the devices not being owned by the organization, the ability to authoritatively enforce organizational security policies is challenging. As a result, a critical part of organizational security is the ability to drive user security behavior through either on-device mechanisms or security awareness programs. In this paper, we establish a baseline for user security behavior from a population of over one hundred fifty smart phone users. We then systematically evaluate the ability to drive behavioral change via messaging centered on morality, deterrence, and incentives. Our findings suggest that appeals to morality are most effective over time, whereas deterrence produces the most immediate reaction. Additionally, our findings show that while a significant portion of users are securing their devices without prior intervention, it is difficult to influence change in those who do not.