Abstract
The cyber space offers many opportunities to general public but it has its dark side in terms of cyber crimes. Apart from technical security, the human factor plays an important role in safe guarding the security and privacy of systems. The end users especially students need to be aware of protective measures they can adopt to safe guard themselves through security awareness and trainings. The awareness programs should be comprehensive and be tailored according to the security and privacy awareness of the individuals. Therefore, the target individuals should be assessed in terms of their security and privacy habits and practices. The previous endeavors in this respect make use of questionnaire instruments that are specific to a particular type of individuals such as employees of an organizations or tap onto use of a specific device. This study presents development of an instrument that gauges the security and privacy habits/practices of end users specifically students.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Thompson, H.: The human element of information security. IEEE Secur. Priv. 11(1), 32–35 (2013)
Allen, G.: Hitting the ground running. Security 48(12), 44–45 (2011)
Wilson, M., Hash, J.: Building an information technology security awareness and training program. NIST Spec. Publ. 800(50), 1–39 (2003)
Kim, E.B.: Recommendations for information security awareness training for college students. Inf. Manag. Comput. Secur. 22(1), 115–126 (2014)
Statista: All products require an annual contract prices do not include sales tax, “Global digital population 2018|Statistic,” Statista (Online). Available: https://www.statista.com/statistics/617136/digital-population-worldwide/. Last accessed 09 June 2018
Evans, D.: How the Next Evolution of the Internet Is Changing Everything, p. 11 (2011)
Business of Apps.: Facebook revenue and usage statistics (2018). Business of Apps. (Online). Available: http://www.businessofapps.com/data/facebook-statistics/. Last accessed 09 June 2018
Statista: All products require an annual contract prices do not include sales tax, “Leading global social networks 2018|Statistic,” Statista (Online). Available: https://www.statista.com/statistics/272014/global-social-networks-ranked-by-number-of-users/. Last accessed 09 June 2018
Aslam, S.: • YouTube by the numbers (2018): stats, demographics & fun facts, 05 Feb 2018
Öğütçü, G., Testik, Ö.M., Chouseinoglou, O.: Analysis of personal information security behavior and awareness. Comput. Secur. 56, 83–93 (2016)
Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards IS security policy compliance. In: 40th Annual Hawaii International Conference on System Sciences, 2007. HICSS 2007, pp. 156b-156b (2007)
Stanton, J., Mastrangelo, P., Stam, K., Jolton, J.: Behavioral information security: two end user survey studies of motivation and security practices. In: AMCIS 2004 Proceedings, p. 175 (2004)
Schultz, E.E., Proctor, R.W., Lien, M.-C., Salvendy, G.: Usability and security an appraisal of usability issues in information security methods. Comput. Secur. 20(7), 620–634 (2001)
Trček, D., Trobec, R., Pavešić, N., Tasič, J.F.: Information systems security and human behaviour. Behav. Inf. Technol. 26(2), 113–118 (2007)
Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)
Al-Saggaf, Y.: An exploratory study of attitudes towards privacy in social media and the threat of blackmail: the views of a group of Saudi women. Electron. J. Inf. Syst. Dev. Ctries. 75 (2016)
Mills, J.L.: Privacy: the Lost Right. Oxford University Press (2008)
Davidson, M.A.: Leading by example: the case for IT security in academia. Educ. Rev. 40(1) (2005)
Chandarman, R., Van Niekerk, B.: Students’ Cybersecurity Awareness at a Private Tertiary Educational Institution (2017)
Pramod, D., Raman, R.: A Study on the User Perception and Awareness of Smartphone Security (2014)
Aliyu, M., Abdallah, N.A., Lasisi, N.A., Diyar, D., Zeki, A.M.: Computer security and ethics awareness among IIUM students: an empirical study. In: 2010 International Conference on Information and Communication Technology for the Muslim World (ICT4M), pp. A52–A56 (2010)
Joinson, A.N., Reips, U.-D., Buchanan, T., Schofield, C.B.P.: Privacy, trust, and self-disclosure online. Hum. Comput. Interact. 25(1), 1–24 (2010)
Von Solms, B., Von Solms, R.: The 10 deadly sins of information security management. Comput. Secur. 23(5), 371–376 (2004)
Wilson, M., de Zafra, D.E., Pitcher, S.I., Tressler, J.D., Ippolito, J.B.: Information Technology Security Training Requirements: a Role- and Performance-Based Model. National Inst of Standards and Technology Gaithersburg MD Computer Security Div (1998)
Lunt, B.M., et al.: Curriculum Guidelines for Undergraduate Degree Programs in Information Technology, vol. 2, no. 2009. Retrieved Mar 2008
Susan Hansche, C.: Designing a Security Awareness Program: Part 1 (2001)
Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606–622 (2015)
Al-Daeef, M.M., Basir, N., Saudi, M.M.: Security awareness training: a review. Proc. World Congr. Eng. 1, 5–7 (2017)
Haeussinger, F., Kranz, J.: Antecedents of employees’ information security awareness-review, synthesis, and directions for future research. In: Proceedings of the 25th European Conference on Information Systems (ECIS) (2017)
Fung, C.C., Khera, V., Depickere, A., Tantatsanawong, P., Boonbrahm, P.: Raising information security awareness in digital ecosystem with games—a pilot study in Thailand. In: 2nd IEEE International Conference on Digital Ecosystems and Technologies, 2008. DEST 2008, pp. 375–380 (2008)
Rahim, M.M., Cheo, A., Cheong, K.: IT security expert’s presentation and attitude changes of end-users towards IT security aware behaviour: a pilot study. In: ACIS 2008 Proceedings, p. 33 (2008)
Kruger, H., Drevin, L., Steyn, T.: A vocabulary test to assess information security awareness. Inf. Manag. Comput. Secur. 18(5), 316–327 (2010)
Kruger, H., Drevin, L., Steyn, T.: Email security awareness—a practical assessment of employee behaviour. In: Fifth World Conference on Information Security Education, pp. 33–40 (2007)
Hellqvist, F., Ibrahim, S., Jatko, R., Andersson, A., Hedström, K.: Getting their hands stuck in the cookie jar-students’ security awareness in 1:1 laptop schools. Int. J. Public Inf. Syst. 9(1) (2013)
Kam, H.-J., Katerattanakul, P.: Out-of-Class Learning: a Pedagogical Approach of Promoting Information Security Education (2014)
Dodge Jr., R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)
Solic, K., Velki, T., Galba, T.: Empirical study on ICT system’s users’ risky behavior and security awareness. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1356–1359 (2015)
Egelman, S., Peer, E.: Scaling the security wall: developing a security behavior intentions scale (sebis). In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2873–2882 (2015)
Egelman, S., Harbach, M., Peer, E.: Behavior ever follows intention. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI ‘16, pp. 1–5 (2016)
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C.: Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014)
Pattinson, M., Parsons, K., Butavicius, M., McCormac, A., Calic, D.: Assessing information security attitudes: a comparison of two studies. Inf. Comput. Secur. 24(2), 228–240 (2016)
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017)
Crossler, R., Bélanger, F.: An extended perspective on individual security behaviors: protection motivation theory and a unified security practices (USP) instrument. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 45(4), 51–71 (2014)
Gökçearslan, Ş., Seferoğlu, S.S.: The use of the internet among middle school students: risky behaviors and opportunities. Kastamonu Educ. J. 24(1), 383–404 (2016)
Stutzman, F.: An evaluation of identity-sharing behavior in social network communities. Int. Digit. Media Arts J. 3(1), 10–18 (2006)
Ball, A.L., Ramim, M.M., Levy, Y.: Examining users’ personal information sharing awareness, habits, and practices in social networking sites and e-learning systems. Online J. Appl. Knowl. Manag. 3(1), 180–207 (2015)
Ion, I., Reeder, R., Consolvo, S.: “… No one can hack my mind”: comparing expert and non-expert security practices. In: Proceedings of SOUPS (2015)
Jones, B.H., Chin, A.G.: On the efficacy of smartphone security: a critical analysis of modifications in business students’ practices over time. Int. J. Inf. Manag. 35(5), 561–571 (2015)
Jones, B.H., Heinrichs, L.R.: Do business students practice smartphone security? J. Comput. Inf. Syst. 53(2), 22–30 (2012)
Jones, B.H., Chin, A.G., Aiken, P.: Risky business: students and smartphones. TechTrends 58(6), 73–83 (2014)
Buchanan, T., Paine, C., Joinson, A.N., Reips, U.-D.: Development of measures of online privacy concern and protection for use on the Internet. J. Am. Soc. Inf. Sci. Technol. 58(2), 157–165 (2007)
Bryman, A., Cramer, D.: Quantitative Data Analysis with SPSS Release 10 for Windows: a Guide for Social Scientists. Routledge (2002)
Aytes, K., Connolly, T.: Computer security and risky computing practices: a rational choice perspective. J. Organ. End User Comput. JOEUC 16(3), 22–40 (2004)
Stanton, J.M., Stam, K.R., Mastrangelo, P., Jolton, J.: Analysis of end user security behaviors. Comput. Secur. 24(2), 124–133 (2005)
Milne, G.R., Labrecque, L.I., Cromer, C.: Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3), 449–473 (2009)
Ng, B.-Y., Kankanhalli, A., Xu, Y.C.: Studying users’ computer security behavior: a health belief perspective. Decis. Support Syst. 46(4), 815–825 (2009)
Tsohou, A., Karyda, M., Kokolakis, S., Kiountouzis, E.: Formulating information systems risk management strategies through cultural theory. Inf. Manag. Comput. Secur. 14(3), 198–217 (2006)
Oceja, L., Ambrona, T., López-Pérez, B., Salgado, S., Villegas, M.: When the victim is one among others: empathy, awareness of others and motivational ambivalence. Motiv. Emot. 34(2), 110–119 (2010)
Verplanken, B., Orbell, S.: Reflections on past behavior: a self-report index of habit strength1. J. Appl. Soc. Psychol. 33(6), 1313–1330 (2003)
Fogel, J., Nehmad, E.: Internet social network communities: risk taking, trust, and privacy concerns. Comput. Hum. Behav. 25(1), 153–160 (2009)
Mensch, S., Wilkie, L.: Information security activities of college students: an exploratory study. J. Manag. Inf. Decis. Sci. 14(2), 91 (2011)
Galba, T., Solic, K., Lukic, I.: An information security and privacy self-assessment (ISPSA) tool for internet users. Acta Polytech. Hung. 12(7), 149–162 (2015)
Burgoon, J.K., Parrott, R., Le Poire, B.A., Kelley, D.L., Walther, J.B., Perry, D.: Maintaining and restoring privacy through communication in different types of relationships. J. Soc. Pers. Relat. 6(2), 131–158 (1989)
DeCew, J.W.: In Pursuit of Privacy: Law, Ethics, and the Rise of Technology. Cornell University Press (1997)
Fox, S., Rainie, L., Horrigan, J., Lenhart, A., Spooner, T., Carter, C.: Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet Am. Life Proj., pp. 1–29 (2000)
Young, A.L., Quan-Haase, A.: Information revelation and internet privacy concerns on social network sites: a case study of Facebook. In: Proceedings of the Fourth International Conference on Communities and Technologies, pp. 265–274 (2009)
Govani, T., Pashley, H.: Student awareness of the privacy implications when using Facebook. Unpublished paper present. “Privacy Poster Fair” Carnegie Mellon Univ. Sch. Libr. Inf. Sci., vol. 9, pp. 1–17 (2005)
Tufekci, Z.: Can you see me now? Audience and disclosure regulation in online social network sites. Bull. Sci. Technol. Soc. 28(1), 20–36 (2008)
Dinev, T., Hart, P.: Internet privacy concerns and their antecedents-measurement validity and a regression model. Behav. Inf. Technol. 23(6), 413–422 (2004)
Velki, T., Solic, K., Ocevcic, H.: Development of users’ information security awareness questionnaire (UISAQ)—ongoing work. In: 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1417–1421 (2014)
Slusky, L., Partow-Navid, P.: Students information security practices and awareness. J. Inf. Priv. Secur. 8(4), 3–26 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, N.F., Ikram, N. (2020). Development of Students’ Security and Privacy Habits Scale. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_64
Download citation
DOI: https://doi.org/10.1007/978-3-030-12385-7_64
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)