{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T11:23:06Z","timestamp":1764588186453,"version":"3.41.2"},"reference-count":23,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2021,3,29]],"date-time":"2021-03-29T00:00:00Z","timestamp":1616976000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,8,3]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to reveal and describe the divergent viewpoints about cybersecurity within a purposefully selected group of people with a range of expertise in relation to computer security.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Q methodology [Q] uses empirical evidence to differentiate subjective views and, therefore, behaviors in relation to any topic. Q uses the strengths of qualitative and quantitative research methods to reveal and describe the multiple, divergent viewpoints that exist within a group where individuals sort statements into a grid to represent their views. Analyses group similar views (sorts). In this study, participants were selected from a range of types related to cybersecurity (experts, authorities and uninformed).<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Four unique viewpoints emerged such that one represents cybersecurity best practices and the remaining three viewpoints represent poor cybersecurity behaviors (Na\u00efve Cybersecurity Practitioners, Worried but not Vigilant and How is Cybersecurity a Big Problem) that indicate a need for educational interventions within both the public and private sectors.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>Understanding the divergent views about cybersecurity is important within smaller groups including classrooms, technology-based college majors, a company, a set of IT professionals or other targeted groups where understanding cybersecurity viewpoints can reveal the need for training, changes in behavior and\/or the potential for security breaches which reflect the human factors of cybersecurity.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>A review of the literature revealed that only large, nation-wide surveys have been used to investigate views of cybersecurity. Yet, surveys are not useful in small groups, whereas Q is designed to investigate behavior through revealing subjectivity within smaller groups.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-04-2020-0052","type":"journal-article","created":{"date-parts":[[2021,3,27]],"date-time":"2021-03-27T08:06:17Z","timestamp":1616832377000},"page":"350-364","source":"Crossref","is-referenced-by-count":12,"title":["The human factor: assessing individuals\u2019 perceptions related to cybersecurity"],"prefix":"10.1108","volume":"29","author":[{"given":"Susan","family":"Ramlo","sequence":"first","affiliation":[]},{"given":"John B.","family":"Nicholas","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,3,29]]},"reference":[{"key":"key2021080202132244700_ref006","unstructured":"ACM (2017), Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity (A Report in the Computing Curricula Series Joint Task Force on Cybersecurity Education). New York, NY 10121-0701: Version 1.0 Report 31 December 2017."},{"issue":"1","key":"key2021080202132244700_ref007","article-title":"Adopting the cybersecurity curriculum guidelines to develop a secondary and primary academic discipline in cybersecurity postsecondary education","volume":"2019","year":"2019","journal-title":"Journal of Cybersecurity Education, Research and Practice"},{"issue":"9","key":"key2021080202132244700_ref008","first-page":"9331","article-title":"A new evaluation criteria for effective security awareness in computer risk management based on AHP","volume":"2","year":"2012","journal-title":"Journal of Basic and Applied Scientific Research"},{"volume-title":"Political Subjectivity: Applications of Q Methodology in Political Science","year":"1980","key":"key2021080202132244700_ref009"},{"issue":"1","key":"key2021080202132244700_ref010","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.giq.2017.02.007","article-title":"Building cybersecurity awareness: the need for evidence-based framing strategies","volume":"34","year":"2017","journal-title":"Government Information Quarterly"},{"issue":"2","key":"key2021080202132244700_ref011","doi-asserted-by":"publisher","first-page":"211","DOI":"10.3366\/pah.2010.0006","article-title":"Introduction to William Stephenson\u2019s quest for a science of subjectivity","volume":"12","year":"2010","journal-title":"Psychoanalysis and History"},{"key":"key2021080202132244700_ref012","doi-asserted-by":"publisher","first-page":"1117","DOI":"10.1016\/j.promfg.2015.07.186","article-title":"Trust as a human factor in holistic cyber security risk assessment","volume":"3","year":"2015","journal-title":"Procedia Manufacturing"},{"issue":"8","key":"key2021080202132244700_ref013","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/S1361-3723(19)30085-5","article-title":"Improving employees' cyber security awareness","volume":"2019","year":"2019","journal-title":"Computer Fraud and Security"},{"key":"key2021080202132244700_ref014","first-page":"201","article-title":"Loss of meaning in Likert scaling: a note on the Q methodological alternative","volume":"24","year":"2001","journal-title":"Operant Subjectivity"},{"volume-title":"Q Methodology","year":"2013","key":"key2021080202132244700_ref015"},{"key":"key2021080202132244700_ref016","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1016\/j.sbspro.2014.07.133","article-title":"The human factor of information security: unintentional damage perspective","volume":"147","year":"2014","journal-title":"Procedia - Social and Behavioral Sciences"},{"key":"key2021080202132244700_ref07a","first-page":"505","article-title":"Using Q methodology and Q factor analysis in mixed methods research","volume-title":"Handbook of Mixed Methods in Social & Behavioral Research","year":"2010"},{"year":"2017","key":"key2021080202132244700_ref017","article-title":"Americans and cybersecurity\u201d, Pew Research Center"},{"issue":"1","key":"key2021080202132244700_ref001","first-page":"44","article-title":"Student views about a flipped physics course: a tool for program evaluation and improvement","volume":"22","year":"2010","journal-title":"Research in the Schools"},{"key":"key2021080202132244700_ref07c","first-page":"199","article-title":"Q methodology as mixed analysis","year":"2021","journal-title":"The Routledge Reviewer\u2019s Guide for Mixed Methods Research Analysis"},{"issue":"2","key":"key2021080202132244700_ref07d","article-title":"Divergent student views of cybersecurity","volume":"2019","year":"2019","journal-title":"Journal of Cybersecurity Education, Research and Practice"},{"key":"key2021080202132244700_ref07e","doi-asserted-by":"publisher","first-page":"1","DOI":"10.15133\/j.os.2019.006","article-title":"Developing concourse & selecting a Q-sample: preparation for a Q study about urban, American, middle-school science students\u2019 views of nature","volume":"41","year":"2019","journal-title":"Operant Subjectivity: The International Journal for Q Methodology"},{"issue":"3434","key":"key2021080202132244700_ref018","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1038\/136297b0","article-title":"Technique of factor analysis","volume":"136","year":"1935","journal-title":"Nature"},{"volume-title":"The Study of Behavior: Q-Technique and Its Methodology","year":"1953","key":"key2021080202132244700_ref019"},{"volume-title":"The Play Theory of Mass Communication","year":"1967","key":"key2021080202132244700_ref020"},{"key":"key2021080202132244700_ref021","doi-asserted-by":"publisher","first-page":"18","DOI":"10.15133\/j.os.1992.014","article-title":"The issue of generalization in Q methodology","volume":"16","year":"1993","journal-title":"reliable schematics\u201d revisited\u201d, Operant Subjectivity"},{"key":"key2021080202132244700_ref022","first-page":"7","article-title":"The evaluation of public opinion","volume-title":"Reader in Public Opinion and Communication","year":"1966","edition":"2nd ed"},{"volume-title":"The Quest for Identity","year":"1958","key":"key2021080202132244700_ref023"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-04-2020-0052\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-04-2020-0052\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:52Z","timestamp":1753406572000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/2\/350-364\/117668"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,29]]},"references-count":23,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,3,29]]},"published-print":{"date-parts":[[2021,8,3]]}},"alternative-id":["10.1108\/ICS-04-2020-0052"],"URL":"https:\/\/doi.org\/10.1108\/ics-04-2020-0052","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2021,3,29]]}}}