Examining Multiple Stages of Protective Behavior of Information System End-Users

Persistent Link:
http://hdl.handle.net/10150/243094
Title:
Examining Multiple Stages of Protective Behavior of Information System End-Users
Author:
Burns, Mary B.
Issue Date:
2012
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Embargo:
Release after 09-Feb-2013
Abstract:
The adage, "old habits die hard", is especially relevant when humans learn new protective behaviors (i.e., dental flossing, IS security behaviors). The foundation that underlies many social-cognitive theories used in IS research is that intention to change predicts actual behavior change. Despite intentions to change, humans do not always change their habits due to actual or perceived obstacles, for example. In this study, user behavior, particularly with respect to vigilance over phishing attempts, was investigated via the theoretical lens of a hybrid continuum-stage behavior change model adapted from health-related fields. This type of model helps us to understand whether there are qualitatively different stages for adopting a more vigilant action plan toward phishing attempts, the number and ordering of distinct stages that a user must move through between forming an intention and subsequent behavior, what characterizes those stages, and how appropriate interventions at these stages can move a user to a higher stage of vigilant behavior. The goal of this research was to gain a better understanding of: a) whether there are distinct stages that distinguish end-users' vigilance toward phishing attempts; b) how many qualitatively different stages there are; and, c) what characterizes these stages. This study profiled IS end-users based on the model's constructs (e.g., coping self-efficacy, intention, action/coping planning, and risk perception) that examined end-users' protective behavior toward phishing attempts. In an exploratory analysis of survey data, stages of IS end-users were determined via cluster analysis techniques (hierarchical followed by K-means). A survey was administered to respondents (n= 394). Next, an agglomerative hierarchical cluster analysis using within-groups method of average linkage and Euclidean distance measures was performed on the model's constructs. Three clusters emerged as the optimal number to be used in the subsequent K-means cluster analysis. After conducting analyses for stability and validity for the 3-cluster solution, I compared the means of the model's constructs to develop profiles for the distinct three stages. I conclude that exploratory cluster analysis is an effective technique to discover natural groupings for protective behavior of IS end-users and propose future research to investigate stage-appropriate interventions to move users to higher stages.
Type:
text; Electronic Dissertation
Keywords:
Phishing; Stage models; Management Information Systems; IS end-users; IS Security
Degree Name:
Ph.D.
Degree Level:
doctoral
Degree Program:
Graduate College; Management Information Systems
Degree Grantor:
University of Arizona
Advisor:
Nunamaker, Jay F., Jr.

Full metadata record

DC FieldValue Language
dc.language.isoenen_US
dc.titleExamining Multiple Stages of Protective Behavior of Information System End-Usersen_US
dc.creatorBurns, Mary B.en_US
dc.contributor.authorBurns, Mary B.en_US
dc.date.issued2012-
dc.publisherThe University of Arizona.en_US
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en_US
dc.description.releaseRelease after 09-Feb-2013en_US
dc.description.abstractThe adage, "old habits die hard", is especially relevant when humans learn new protective behaviors (i.e., dental flossing, IS security behaviors). The foundation that underlies many social-cognitive theories used in IS research is that intention to change predicts actual behavior change. Despite intentions to change, humans do not always change their habits due to actual or perceived obstacles, for example. In this study, user behavior, particularly with respect to vigilance over phishing attempts, was investigated via the theoretical lens of a hybrid continuum-stage behavior change model adapted from health-related fields. This type of model helps us to understand whether there are qualitatively different stages for adopting a more vigilant action plan toward phishing attempts, the number and ordering of distinct stages that a user must move through between forming an intention and subsequent behavior, what characterizes those stages, and how appropriate interventions at these stages can move a user to a higher stage of vigilant behavior. The goal of this research was to gain a better understanding of: a) whether there are distinct stages that distinguish end-users' vigilance toward phishing attempts; b) how many qualitatively different stages there are; and, c) what characterizes these stages. This study profiled IS end-users based on the model's constructs (e.g., coping self-efficacy, intention, action/coping planning, and risk perception) that examined end-users' protective behavior toward phishing attempts. In an exploratory analysis of survey data, stages of IS end-users were determined via cluster analysis techniques (hierarchical followed by K-means). A survey was administered to respondents (n= 394). Next, an agglomerative hierarchical cluster analysis using within-groups method of average linkage and Euclidean distance measures was performed on the model's constructs. Three clusters emerged as the optimal number to be used in the subsequent K-means cluster analysis. After conducting analyses for stability and validity for the 3-cluster solution, I compared the means of the model's constructs to develop profiles for the distinct three stages. I conclude that exploratory cluster analysis is an effective technique to discover natural groupings for protective behavior of IS end-users and propose future research to investigate stage-appropriate interventions to move users to higher stages.en_US
dc.typetexten_US
dc.typeElectronic Dissertationen_US
dc.subjectPhishingen_US
dc.subjectStage modelsen_US
dc.subjectManagement Information Systemsen_US
dc.subjectIS end-usersen_US
dc.subjectIS Securityen_US
thesis.degree.namePh.D.en_US
thesis.degree.leveldoctoralen_US
thesis.degree.disciplineGraduate Collegeen_US
thesis.degree.disciplineManagement Information Systemsen_US
thesis.degree.grantorUniversity of Arizonaen_US
dc.contributor.advisorNunamaker, Jay F., Jr.en_US
dc.contributor.committeememberDurcikova, Alexandraen_US
dc.contributor.committeememberGoes, Pauloen_US
dc.contributor.committeememberNunamaker, Jay F., Jr.en_US
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.