Miguel A Toro-Jarrin, Pilar Pazos, Miguel A Padilla
{"title":"It is not only about having good attitudes: factor exploration of the attitudes toward security recommendations","authors":"Miguel A Toro-Jarrin, Pilar Pazos, Miguel A Padilla","doi":"10.1093/cybsec/tyae011","DOIUrl":null,"url":null,"abstract":"Numerous factors determine information security-related actions (IS-actions) in the workplace. Attitudes toward following security rules and recommendations and attitudes toward specific IS actions determine intentions associated with those actions. IS research has examined the role of the instrumental aspect of attitudes. However, authors argue that attitudes toward a behavioral object are a multidimensional construct. We examined the dimensionality of attitudes toward security recommendations, hypothesized its multidimensional nature, and developed a new scale [attitudes toward security recommendations (ASR scale)]. The results indicated the multidimensional nature of attitudes toward security recommendations supporting our hypothesis. The results revealed two dimensions corresponding to the perceived legitimacy and effectiveness of security recommendations and its perceived rigor. The new ASR scale showed good psychometric properties. This work contributes to the IS research at suggesting that attitudes are a multidimensional construct in the IS context. These findings imply that the employee’s evaluation of information security policy can be examined considering their instrumentality (security recommendations are important) and rigor (security recommendations are strict). Different effects of the dimensions of attitudes over IS-action suggest different interventions. Additionally, this study offers the ASR scale as a new instrument to capture employees’ evaluation of security recommendations.","PeriodicalId":44310,"journal":{"name":"Journal of Cybersecurity","volume":"24 1","pages":""},"PeriodicalIF":2.9000,"publicationDate":"2024-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cybersecurity","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.1093/cybsec/tyae011","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"SOCIAL SCIENCES, INTERDISCIPLINARY","Score":null,"Total":0}
引用次数: 0
Abstract
Numerous factors determine information security-related actions (IS-actions) in the workplace. Attitudes toward following security rules and recommendations and attitudes toward specific IS actions determine intentions associated with those actions. IS research has examined the role of the instrumental aspect of attitudes. However, authors argue that attitudes toward a behavioral object are a multidimensional construct. We examined the dimensionality of attitudes toward security recommendations, hypothesized its multidimensional nature, and developed a new scale [attitudes toward security recommendations (ASR scale)]. The results indicated the multidimensional nature of attitudes toward security recommendations supporting our hypothesis. The results revealed two dimensions corresponding to the perceived legitimacy and effectiveness of security recommendations and its perceived rigor. The new ASR scale showed good psychometric properties. This work contributes to the IS research at suggesting that attitudes are a multidimensional construct in the IS context. These findings imply that the employee’s evaluation of information security policy can be examined considering their instrumentality (security recommendations are important) and rigor (security recommendations are strict). Different effects of the dimensions of attitudes over IS-action suggest different interventions. Additionally, this study offers the ASR scale as a new instrument to capture employees’ evaluation of security recommendations.
工作场所中与信息安全有关的行动(IS-行动)由许多因素决定。对遵守安全规则和建议的态度以及对具体 IS 行动的态度决定了与这些行动相关的意向。对 IS 的研究探讨了态度的工具性作用。然而,有学者认为,对行为对象的态度是一个多维度的结构。我们研究了对安全建议的态度的维度,假设其具有多维性,并开发了一个新的量表[对安全建议的态度(ASR 量表)]。结果表明,对安全建议的态度具有多维性,支持了我们的假设。结果显示了两个维度,分别对应于对安全建议合法性和有效性的感知以及对其严谨性的感知。新的 ASR 量表显示出良好的心理测量特性。这项研究表明,在 IS 环境中,态度是一个多维度的结构,这对 IS 研究做出了贡献。这些发现意味着,员工对信息安全政策的评价可以考虑其工具性(安全建议很重要)和严格性(安全建议很严格)。态度维度对 IS 行动的不同影响建议采取不同的干预措施。此外,本研究还提供了 ASR 量表,作为了解员工对安全建议评价的新工具。
期刊介绍:
Journal of Cybersecurity provides a hub around which the interdisciplinary cybersecurity community can form. The journal is committed to providing quality empirical research, as well as scholarship, that is grounded in real-world implications and solutions. Journal of Cybersecurity solicits articles adhering to the following, broadly constructed and interpreted, aspects of cybersecurity: anthropological and cultural studies; computer science and security; security and crime science; cryptography and associated topics; security economics; human factors and psychology; legal aspects of information security; political and policy perspectives; strategy and international relations; and privacy.