{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T02:01:30Z","timestamp":1760061690692,"version":"3.41.2"},"reference-count":39,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2016,6,13]],"date-time":"2016-06-13T00:00:00Z","timestamp":1465776000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2016,6,13]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to report on the use of two studies that assessed the attitudes of typical computer users. The aim of the research was to compare a self-reporting online survey with a set of one-on-one repertory grid technique interviews. More specifically, this research focussed on participant attitudes toward naive and accidental information security behaviours.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>In the first study, 23 university students responded to an online survey within a university laboratory setting that captured their attitudes toward behaviours in each of seven focus areas. In the second study, the same students participated in a one-on-one repertory grid technique interview that elicited their attitudes toward the same seven behaviours. Results were analysed using Spearman correlations.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>There were significant correlations for three of the seven behaviours, although attitudes relating to password management, use of social networking sites, information handling and reporting of security incidents were not significantly correlated.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>The small sample size (<jats:italic>n<\/jats:italic> = 23) and the fact that participants were not necessarily representative of typical employees, may have impacted on the results.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>This study contributes to the challenge of developing a reliable instrument that will assess individual InfoSec awareness. Senior management will be better placed to design intervention strategies, such as training and education of employees, if individual attitudes are known. This, in turn, will reduce risk-inclined behaviour and a more secure organisation.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The literature review indicates that this study addresses a genuine gap in the research.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2016-0009","type":"journal-article","created":{"date-parts":[[2016,6,20]],"date-time":"2016-06-20T04:51:07Z","timestamp":1466398267000},"page":"228-240","source":"Crossref","is-referenced-by-count":22,"title":["Assessing information security attitudes: a comparison of two studies"],"prefix":"10.1108","volume":"24","author":[{"given":"Malcolm","family":"Pattinson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kathryn","family":"Parsons","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marcus","family":"Butavicius","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Agata","family":"McCormac","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dragana","family":"Calic","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121504513737500_ref001","unstructured":"Abraham, S. (2011), \u201cInformation security behaviour: factors and research directions\u201d, AMCIS 2011 Proceedings \u2013 All Submissions Paper 462, available at: http:\/\/aisel.aisnet.org\/amcis2011_submissions\/462."},{"issue":"2","key":"key2020121504513737500_ref002","article-title":"The theory of planned behaviour","volume":"50","year":"1991","journal-title":"Organisational Behaviour and Human Decision Processes"},{"issue":"1","key":"key2020121504513737500_ref003","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1037\/h0034440","article-title":"\u2019Attitudinal and normative variables as predictors of specific behaviour \u2018","volume":"27","year":"1973","journal-title":"Journal of Personality and Social Psychology"},{"issue":"1","key":"key2020121504513737500_ref004","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/14792779943000116","article-title":"Attitudes and the attitude-behavior relation: reasoned and automatic processes","volume":"11","year":"2000","journal-title":"European Review of Social Psychology"},{"issue":"1","key":"key2020121504513737500_ref005","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/0001-4575(89)90048-1","article-title":"\u2018Methods for assessing drivers\u2019 perception of specific hazards on the road","volume":"21","year":"1989","journal-title":"Accident Analysis & Prevention"},{"article-title":"Personal construct theory and research method","volume-title":"Human Inquiry: A Sourcebook of New Paradigm Research","year":"1981","key":"key2020121504513737500_ref006"},{"key":"key2020121504513737500_ref007","doi-asserted-by":"crossref","first-page":"61","DOI":"10.4135\/9781446280119.n6","article-title":"Repertory Grids","volume-title":"Essential Guide to Qualitative Methods in Organizational Research","year":"2004"},{"key":"key2020121504513737500_ref008","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","article-title":"Future directions for behavioral information security research","volume":"32","year":"2013","journal-title":"Computers & Security"},{"issue":"23","key":"key2020121504513737500_ref009","first-page":"37","article-title":"An overview and tutorial of the repertory grid technique in information systems research","volume":"2008","year":"2008","journal-title":"Communications of AIS"},{"issue":"4","key":"key2020121504513737500_ref010","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1037\/h0025589","article-title":"Bystander intervention in emergencies: diffusion of responsibility","volume":"8","year":"1968","journal-title":"Journal of Personality and Social Psychology"},{"volume-title":"Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research","year":"1975","key":"key2020121504513737500_ref011"},{"edition":"2nd ed.","volume-title":"A Manual for Repertory Grid Technique","year":"2004","key":"key2020121504513737500_ref012"},{"issue":"1","key":"key2020121504513737500_ref013","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.cose.2005.12.004","article-title":"The challenges of understanding and using security: a survey of end-users","volume":"25","year":"2006","journal-title":"Computers & Security"},{"issue":"1","key":"key2020121504513737500_ref014","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1362\/147539209X414380","article-title":"Using qualitative repertory grid techniques to explore perceptions of business-to-business online customer experience","volume":"8","year":"2009","journal-title":"Journal of Customer Behaviour"},{"key":"key2020121504513737500_ref015","first-page":"235","article-title":"The semantic differential and attitude research","volume-title":"Attitude Measurement","year":"1970"},{"volume-title":"The Easy Guide to Repertory Grids","year":"2004","key":"key2020121504513737500_ref016"},{"volume-title":"The Psychology of Personal Constructs","year":"1955","key":"key2020121504513737500_ref017"},{"issue":"7","key":"key2020121504513737500_ref018","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1002\/ejsp.1978","article-title":"Integrating the stereotype content model (warmth and competence) and the Osgood semantic differential (evaluation, potency, and activity)","volume":"43","year":"2013","journal-title":"European Journal of Social Psychology"},{"issue":"4","key":"key2020121504513737500_ref019","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1016\/j.cose.2006.02.008","article-title":"A prototype for assessing information security awareness","volume":"25","year":"2006","journal-title":"Computers & Security"},{"issue":"8","key":"key2020121504513737500_ref020","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1016\/S0167-4048(03)00007-5","article-title":"Improving user security behaviour","volume":"22","year":"2003","journal-title":"Computers & Security"},{"issue":"2","key":"key2020121504513737500_ref021","first-page":"136","article-title":"The nature of attitudes and attitude change","volume":"3","year":"1969","journal-title":"The Handbook of Social Psychology"},{"issue":"4","key":"key2020121504513737500_ref022","doi-asserted-by":"crossref","first-page":"794","DOI":"10.1145\/242223.246855","article-title":"Strategic directions in human-computer interaction","volume":"28","year":"1996","journal-title":"ACM Computing Surveys (CSUR)"},{"issue":"1","key":"key2020121504513737500_ref023","doi-asserted-by":"crossref","first-page":"491","DOI":"10.1146\/annurev.psych.54.101601.145044","article-title":"Human-computer interaction: psychological aspects of the human use of computing","volume":"54","year":"2003","journal-title":"Annual Review of Psychology"},{"volume-title":"The Measurement of Meaning","year":"1957","key":"key2020121504513737500_ref024"},{"issue":"15","key":"key2020121504513737500_ref025","first-page":"165","article-title":"Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)","volume":"42","year":"2014","journal-title":"Computers & Security"},{"issue":"5","key":"key2020121504513737500_ref026","doi-asserted-by":"crossref","first-page":"362","DOI":"10.1108\/09685220710831107","article-title":"How well are information risks being communicated to your computer end-users?","volume":"15","year":"2007","journal-title":"Information Management & Computer Security"},{"key":"key2020121504513737500_ref027","unstructured":"Schneier, B. (2004), \u201cThe people paradigm\u201d, available at: www.csoonline.com\/article\/219787\/bruce-schneier-the-people-paradigm (accessed 23 June 2011)."},{"issue":"9","key":"key2020121504513737500_ref028","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1002\/pfi.4140430905","article-title":"The knowledge, attitudes, & behaviors approach how to evaluate performance and learning in complex environments","volume":"43","year":"2004","journal-title":"Performance Improvement"},{"issue":"2","key":"key2020121504513737500_ref029","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","article-title":"Analysis of end user security behaviors","volume":"24","year":"2005","journal-title":"Computers & Security"},{"volume-title":"Business Applications of Repertory Grid","year":"1981","key":"key2020121504513737500_ref030"},{"first-page":"931","article-title":"Exploring Business-IT alignment using the repertory grid","year":"1999","key":"key2020121504513737500_ref031"},{"issue":"1","key":"key2020121504513737500_ref032","doi-asserted-by":"crossref","first-page":"39","DOI":"10.2307\/4132340","article-title":"The repertory grid technique: a method for the study of cognition in information systems","volume":"26","year":"2002","journal-title":"MIS Quarterly"},{"issue":"4","key":"key2020121504513737500_ref033","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1108\/09685229810227649","article-title":"Information security awareness: educating your users effectively","volume":"6","year":"1998","journal-title":"Information Management & Computer Security"},{"issue":"2","key":"key2020121504513737500_ref034","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1080\/01449290500330299","article-title":"Information systems security and human behaviour","volume":"26","year":"2007","journal-title":"Behaviour & Information Technology"},{"issue":"3","key":"key2020121504513737500_ref035","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1016\/j.cose.2004.01.012","article-title":"Towards information security behavioural compliance","volume":"23","year":"2004","journal-title":"Computers & Security"},{"issue":"1","key":"key2020121504513737500_ref036","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1108\/09564239610109429","article-title":"Factors affecting information systems\u2019 success","volume":"7","year":"1996","journal-title":"International Journal of Service Industry Management"},{"volume-title":"Target Risk","year":"1994","key":"key2020121504513737500_ref037"},{"issue":"2","key":"key2020121504513737500_ref038","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1136\/ip.4.2.89","article-title":"Risk homeostasis theory: an overview","volume":"4","year":"1998","journal-title":"Injury Prevention"},{"issue":"20","key":"key2020121504513737500_ref039","first-page":"334","article-title":"Human-computer interaction research in the MIS discipline","volume":"9","year":"2002","journal-title":"Communications of the AIS"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-01-2016-0009","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2016-0009\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2016-0009\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:35Z","timestamp":1753406555000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/2\/228-240\/112169"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,6,13]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,6,13]]}},"alternative-id":["10.1108\/ICS-01-2016-0009"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2016-0009","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2016,6,13]]}}}