Skip to main content
SpringerLink
Log in

Development of Students’ Security and Privacy Habits Scale

  • Conference paper
  • First Online:
Advances in Information and Communication (FICC 2019)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 70))

Included in the following conference series:

Abstract

The cyber space offers many opportunities to general public but it has its dark side in terms of cyber crimes. Apart from technical security, the human factor plays an important role in safe guarding the security and privacy of systems. The end users especially students need to be aware of protective measures they can adopt to safe guard themselves through security awareness and trainings. The awareness programs should be comprehensive and be tailored according to the security and privacy awareness of the individuals. Therefore, the target individuals should be assessed in terms of their security and privacy habits and practices. The previous endeavors in this respect make use of questionnaire instruments that are specific to a particular type of individuals such as employees of an organizations or tap onto use of a specific device. This study presents development of an instrument that gauges the security and privacy habits/practices of end users specifically students.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Thompson, H.: The human element of information security. IEEE Secur. Priv. 11(1), 32–35 (2013)

    Article  Google Scholar 

  2. Allen, G.: Hitting the ground running. Security 48(12), 44–45 (2011)

    Google Scholar 

  3. Wilson, M., Hash, J.: Building an information technology security awareness and training program. NIST Spec. Publ. 800(50), 1–39 (2003)

    Google Scholar 

  4. Kim, E.B.: Recommendations for information security awareness training for college students. Inf. Manag. Comput. Secur. 22(1), 115–126 (2014)

    Article  Google Scholar 

  5. Statista: All products require an annual contract prices do not include sales tax, “Global digital population 2018|Statistic,” Statista (Online). Available: https://www.statista.com/statistics/617136/digital-population-worldwide/. Last accessed 09 June 2018

  6. Evans, D.: How the Next Evolution of the Internet Is Changing Everything, p. 11 (2011)

    Google Scholar 

  7. Business of Apps.: Facebook revenue and usage statistics (2018). Business of Apps. (Online). Available: http://www.businessofapps.com/data/facebook-statistics/. Last accessed 09 June 2018

  8. Statista: All products require an annual contract prices do not include sales tax, “Leading global social networks 2018|Statistic,” Statista (Online). Available: https://www.statista.com/statistics/272014/global-social-networks-ranked-by-number-of-users/. Last accessed 09 June 2018

  9. Aslam, S.: • YouTube by the numbers (2018): stats, demographics & fun facts, 05 Feb 2018

    Google Scholar 

  10. Öğütçü, G., Testik, Ö.M., Chouseinoglou, O.: Analysis of personal information security behavior and awareness. Comput. Secur. 56, 83–93 (2016)

    Article  Google Scholar 

  11. Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards IS security policy compliance. In: 40th Annual Hawaii International Conference on System Sciences, 2007. HICSS 2007, pp. 156b-156b (2007)

    Google Scholar 

  12. Stanton, J., Mastrangelo, P., Stam, K., Jolton, J.: Behavioral information security: two end user survey studies of motivation and security practices. In: AMCIS 2004 Proceedings, p. 175 (2004)

    Google Scholar 

  13. Schultz, E.E., Proctor, R.W., Lien, M.-C., Salvendy, G.: Usability and security an appraisal of usability issues in information security methods. Comput. Secur. 20(7), 620–634 (2001)

    Article  Google Scholar 

  14. Trček, D., Trobec, R., Pavešić, N., Tasič, J.F.: Information systems security and human behaviour. Behav. Inf. Technol. 26(2), 113–118 (2007)

    Article  Google Scholar 

  15. Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)

    Article  Google Scholar 

  16. Al-Saggaf, Y.: An exploratory study of attitudes towards privacy in social media and the threat of blackmail: the views of a group of Saudi women. Electron. J. Inf. Syst. Dev. Ctries. 75 (2016)

    Article  MathSciNet  Google Scholar 

  17. Mills, J.L.: Privacy: the Lost Right. Oxford University Press (2008)

    Google Scholar 

  18. Davidson, M.A.: Leading by example: the case for IT security in academia. Educ. Rev. 40(1) (2005)

    Google Scholar 

  19. Chandarman, R., Van Niekerk, B.: Students’ Cybersecurity Awareness at a Private Tertiary Educational Institution (2017)

    Google Scholar 

  20. Pramod, D., Raman, R.: A Study on the User Perception and Awareness of Smartphone Security (2014)

    Google Scholar 

  21. Aliyu, M., Abdallah, N.A., Lasisi, N.A., Diyar, D., Zeki, A.M.: Computer security and ethics awareness among IIUM students: an empirical study. In: 2010 International Conference on Information and Communication Technology for the Muslim World (ICT4M), pp. A52–A56 (2010)

    Google Scholar 

  22. Joinson, A.N., Reips, U.-D., Buchanan, T., Schofield, C.B.P.: Privacy, trust, and self-disclosure online. Hum. Comput. Interact. 25(1), 1–24 (2010)

    Article  Google Scholar 

  23. Von Solms, B., Von Solms, R.: The 10 deadly sins of information security management. Comput. Secur. 23(5), 371–376 (2004)

    Article  Google Scholar 

  24. Wilson, M., de Zafra, D.E., Pitcher, S.I., Tressler, J.D., Ippolito, J.B.: Information Technology Security Training Requirements: a Role- and Performance-Based Model. National Inst of Standards and Technology Gaithersburg MD Computer Security Div (1998)

    Google Scholar 

  25. Lunt, B.M., et al.: Curriculum Guidelines for Undergraduate Degree Programs in Information Technology, vol. 2, no. 2009. Retrieved Mar 2008

    Google Scholar 

  26. Susan Hansche, C.: Designing a Security Awareness Program: Part 1 (2001)

    Article  Google Scholar 

  27. Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606–622 (2015)

    Article  Google Scholar 

  28. Al-Daeef, M.M., Basir, N., Saudi, M.M.: Security awareness training: a review. Proc. World Congr. Eng. 1, 5–7 (2017)

    Google Scholar 

  29. Haeussinger, F., Kranz, J.: Antecedents of employees’ information security awareness-review, synthesis, and directions for future research. In: Proceedings of the 25th European Conference on Information Systems (ECIS) (2017)

    Google Scholar 

  30. Fung, C.C., Khera, V., Depickere, A., Tantatsanawong, P., Boonbrahm, P.: Raising information security awareness in digital ecosystem with games—a pilot study in Thailand. In: 2nd IEEE International Conference on Digital Ecosystems and Technologies, 2008. DEST 2008, pp. 375–380 (2008)

    Google Scholar 

  31. Rahim, M.M., Cheo, A., Cheong, K.: IT security expert’s presentation and attitude changes of end-users towards IT security aware behaviour: a pilot study. In: ACIS 2008 Proceedings, p. 33 (2008)

    Google Scholar 

  32. Kruger, H., Drevin, L., Steyn, T.: A vocabulary test to assess information security awareness. Inf. Manag. Comput. Secur. 18(5), 316–327 (2010)

    Article  Google Scholar 

  33. Kruger, H., Drevin, L., Steyn, T.: Email security awareness—a practical assessment of employee behaviour. In: Fifth World Conference on Information Security Education, pp. 33–40 (2007)

    Google Scholar 

  34. Hellqvist, F., Ibrahim, S., Jatko, R., Andersson, A., Hedström, K.: Getting their hands stuck in the cookie jar-students’ security awareness in 1:1 laptop schools. Int. J. Public Inf. Syst. 9(1) (2013)

    Google Scholar 

  35. Kam, H.-J., Katerattanakul, P.: Out-of-Class Learning: a Pedagogical Approach of Promoting Information Security Education (2014)

    Google Scholar 

  36. Dodge Jr., R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)

    Article  Google Scholar 

  37. Solic, K., Velki, T., Galba, T.: Empirical study on ICT system’s users’ risky behavior and security awareness. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1356–1359 (2015)

    Google Scholar 

  38. Egelman, S., Peer, E.: Scaling the security wall: developing a security behavior intentions scale (sebis). In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2873–2882 (2015)

    Google Scholar 

  39. Egelman, S., Harbach, M., Peer, E.: Behavior ever follows intention. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI ‘16, pp. 1–5 (2016)

    Google Scholar 

  40. Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C.: Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014)

    Article  Google Scholar 

  41. Pattinson, M., Parsons, K., Butavicius, M., McCormac, A., Calic, D.: Assessing information security attitudes: a comparison of two studies. Inf. Comput. Secur. 24(2), 228–240 (2016)

    Article  Google Scholar 

  42. Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017)

    Article  Google Scholar 

  43. Crossler, R., Bélanger, F.: An extended perspective on individual security behaviors: protection motivation theory and a unified security practices (USP) instrument. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 45(4), 51–71 (2014)

    Article  Google Scholar 

  44. Gökçearslan, Ş., Seferoğlu, S.S.: The use of the internet among middle school students: risky behaviors and opportunities. Kastamonu Educ. J. 24(1), 383–404 (2016)

    Google Scholar 

  45. Stutzman, F.: An evaluation of identity-sharing behavior in social network communities. Int. Digit. Media Arts J. 3(1), 10–18 (2006)

    Google Scholar 

  46. Ball, A.L., Ramim, M.M., Levy, Y.: Examining users’ personal information sharing awareness, habits, and practices in social networking sites and e-learning systems. Online J. Appl. Knowl. Manag. 3(1), 180–207 (2015)

    Google Scholar 

  47. Ion, I., Reeder, R., Consolvo, S.: “… No one can hack my mind”: comparing expert and non-expert security practices. In: Proceedings of SOUPS (2015)

    Google Scholar 

  48. Jones, B.H., Chin, A.G.: On the efficacy of smartphone security: a critical analysis of modifications in business students’ practices over time. Int. J. Inf. Manag. 35(5), 561–571 (2015)

    Article  Google Scholar 

  49. Jones, B.H., Heinrichs, L.R.: Do business students practice smartphone security? J. Comput. Inf. Syst. 53(2), 22–30 (2012)

    Google Scholar 

  50. Jones, B.H., Chin, A.G., Aiken, P.: Risky business: students and smartphones. TechTrends 58(6), 73–83 (2014)

    Article  Google Scholar 

  51. Buchanan, T., Paine, C., Joinson, A.N., Reips, U.-D.: Development of measures of online privacy concern and protection for use on the Internet. J. Am. Soc. Inf. Sci. Technol. 58(2), 157–165 (2007)

    Article  Google Scholar 

  52. Bryman, A., Cramer, D.: Quantitative Data Analysis with SPSS Release 10 for Windows: a Guide for Social Scientists. Routledge (2002)

    Google Scholar 

  53. Aytes, K., Connolly, T.: Computer security and risky computing practices: a rational choice perspective. J. Organ. End User Comput. JOEUC 16(3), 22–40 (2004)

    Article  Google Scholar 

  54. Stanton, J.M., Stam, K.R., Mastrangelo, P., Jolton, J.: Analysis of end user security behaviors. Comput. Secur. 24(2), 124–133 (2005)

    Article  Google Scholar 

  55. Milne, G.R., Labrecque, L.I., Cromer, C.: Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3), 449–473 (2009)

    Article  Google Scholar 

  56. Ng, B.-Y., Kankanhalli, A., Xu, Y.C.: Studying users’ computer security behavior: a health belief perspective. Decis. Support Syst. 46(4), 815–825 (2009)

    Article  Google Scholar 

  57. Tsohou, A., Karyda, M., Kokolakis, S., Kiountouzis, E.: Formulating information systems risk management strategies through cultural theory. Inf. Manag. Comput. Secur. 14(3), 198–217 (2006)

    Article  Google Scholar 

  58. Oceja, L., Ambrona, T., López-Pérez, B., Salgado, S., Villegas, M.: When the victim is one among others: empathy, awareness of others and motivational ambivalence. Motiv. Emot. 34(2), 110–119 (2010)

    Article  Google Scholar 

  59. Verplanken, B., Orbell, S.: Reflections on past behavior: a self-report index of habit strength1. J. Appl. Soc. Psychol. 33(6), 1313–1330 (2003)

    Article  Google Scholar 

  60. Fogel, J., Nehmad, E.: Internet social network communities: risk taking, trust, and privacy concerns. Comput. Hum. Behav. 25(1), 153–160 (2009)

    Article  Google Scholar 

  61. Mensch, S., Wilkie, L.: Information security activities of college students: an exploratory study. J. Manag. Inf. Decis. Sci. 14(2), 91 (2011)

    Google Scholar 

  62. Galba, T., Solic, K., Lukic, I.: An information security and privacy self-assessment (ISPSA) tool for internet users. Acta Polytech. Hung. 12(7), 149–162 (2015)

    Google Scholar 

  63. Burgoon, J.K., Parrott, R., Le Poire, B.A., Kelley, D.L., Walther, J.B., Perry, D.: Maintaining and restoring privacy through communication in different types of relationships. J. Soc. Pers. Relat. 6(2), 131–158 (1989)

    Article  Google Scholar 

  64. DeCew, J.W.: In Pursuit of Privacy: Law, Ethics, and the Rise of Technology. Cornell University Press (1997)

    Google Scholar 

  65. Fox, S., Rainie, L., Horrigan, J., Lenhart, A., Spooner, T., Carter, C.: Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet Am. Life Proj., pp. 1–29 (2000)

    Google Scholar 

  66. Young, A.L., Quan-Haase, A.: Information revelation and internet privacy concerns on social network sites: a case study of Facebook. In: Proceedings of the Fourth International Conference on Communities and Technologies, pp. 265–274 (2009)

    Google Scholar 

  67. Govani, T., Pashley, H.: Student awareness of the privacy implications when using Facebook. Unpublished paper present. “Privacy Poster Fair” Carnegie Mellon Univ. Sch. Libr. Inf. Sci., vol. 9, pp. 1–17 (2005)

    Google Scholar 

  68. Tufekci, Z.: Can you see me now? Audience and disclosure regulation in online social network sites. Bull. Sci. Technol. Soc. 28(1), 20–36 (2008)

    Article  Google Scholar 

  69. Dinev, T., Hart, P.: Internet privacy concerns and their antecedents-measurement validity and a regression model. Behav. Inf. Technol. 23(6), 413–422 (2004)

    Article  Google Scholar 

  70. Velki, T., Solic, K., Ocevcic, H.: Development of users’ information security awareness questionnaire (UISAQ)—ongoing work. In: 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1417–1421 (2014)

    Google Scholar 

  71. Slusky, L., Partow-Navid, P.: Students information security practices and awareness. J. Inf. Priv. Secur. 8(4), 3–26 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Riphah International University, Islamabad, Pakistan

    Naurin Farooq Khan & Naveed Ikram

Authors
  1. Naurin Farooq Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Naveed Ikram
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Naurin Farooq Khan .

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

  2. The Science and Information (SAI) Organization, Bradford, UK

    Rahul Bhatia

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Khan, N.F., Ikram, N. (2020). Development of Students’ Security and Privacy Habits Scale. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_64

Download citation

Publish with us

Policies and ethics

Search

Navigation