Asia pacific journal of information systems

The Korea Society of Management Information Systems (한국경영정보학회)
권호 표지
DOI QR코드

DOI QR Code

Comparing the Effects of Two Methods of Education (Online versus Offline) and Gender on Information Security Behaviors

  • Minjung Park (School of Business, Ewha Womans University) ;
  • Sangmi Chai (School of Business, Ewha Womans University)
  • Received : 2019.10.24
  • Accepted : 2020.03.03
  • Published : 2020.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

The importance of information security is increasing, and various efforts are being made to improve users' information security behaviors. Among these various efforts, information security education is mainly aimed at providing users with information security knowledge and improving information security awareness. This study classified the types of information security education into offline and online to examine the effects of each education method on attitudes toward information security (perceived severity, vulnerability, self-efficacy and response-efficacy) and information security behaviors. A survey was conducted for users with information security education experiences. The results obtained by comparing the differences in the path coefficients of personal information security behaviors according to information security education experiences showed that security behaviors were more significant in the online experience group than the offline group. In addition, gender differences were analyzed, and it was found that females had a greater impact on information security attitudes than males. This study also found that among Internet users with online information security education experience, females tend to have more information security behavior than males, but there were contrasting results among users with offline information security education experiences. The results of this study finally address the necessity of reflecting users' personalities in the systematic design of information security education in the future. Furthermore, the results of this study support the need for an appropriate education system that sufficiently understands education types to maximize the effects of information security education.

Keywords

References

  1. Ahn, J., and McEachin, A. (2017). Student enrollment patterns and achievement in Ohio's online charter schools. Educational Researcher, 46(1), 44-57. https://doi.org/10.3102/0013189X17692999
  2. Anwar, M., He, W., Ash, I., Yuan, X., Li, L., and Xu, L. (2017). Gender difference and employees' cybersecurity behaviors. Computers in Human Behavior, 69, 437-443. https://doi.org/10.1016/j.chb.2016.12.040
  3. Arachchilage, N. A. G., Love, S., and Beznosov, K. (2016). Phishing threat avoidance behaviour: An empirical investigation. Computers in Human Behavior, 60, 185-197. https://doi.org/10.1016/j.chb.2016.02.065
  4. Bandura, A. (2010). Self-efficacy. The Corsini Encyclopedia of Psychology, 1-3.
  5. Belanger, F., Collignon, S., Enget, K., and Negangard, E. (2017). Determinants of early conformance with information security policies. Information and Management, 54(7), 887-901. https://doi.org/10.1016/j.im.2017.01.003
  6. Beyer, S. (2014). Why are women underrepresented in Computer Science? Gender differences in stereotypes, self-efficacy, values, and interests and predictors of future CS course-taking and grades. Computer Science Education, 24(2-3), 153-192. https://doi.org/10.1080/08993408.2014.963363
  7. Bulgurcu, B., Cavusoglu, H., and Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
  8. Chai, S., and Kim, M. (2012). A road to retain cybersecurity professionals: An examination of career decisions among cybersecurity scholars. Journal of the Korea Institute of Information Security & Cryptology, 22(2), 295-316.
  9. Chai, S., Bagchi-Sen, S., Morrell, C., Rao, H. R., and Upadhyaya, S. (2009). Internet and online information privacy: An exploratory study of preteens and early teens. IEEE Transactions on Professional Communication, 52(2), 167-182. https://doi.org/10.1109/TPC.2009.2017985
  10. Chen, Y., Ramamurthy, K., and Wen, K. W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11-19. https://doi.org/10.1080/08874417.2015.11645767
  11. Chenoweth, T., Minch, R., and Gattiker, T. (2009). Application of protection motivation theory to adoption of protective technologies. Paper presented at the 2009 42nd Hawaii International Conference on System Sciences.
  12. Chin, W. W. (1998). The partial least squares approach to structural equation modeling. Modern Methods for Business Research, 295(2), 295-336.
  13. Chingos, M. M., and Schwerdt, G. (2014). Virtual schooling and student learning: Evidence from the Florida Virtual School. Program on Education Policy and Governance Working Papers Series, No.PEPG 14-02. Cambridge, MA: Harvard Kennedy School.
  14. Compeau, D. R., and Higgins, C. A. (1995). Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 19(2), 189-211. https://doi.org/10.2307/249688
  15. Crossler, R. E. (2010). Protection motivation theory: Understanding determinants to backing up personal data. Paper presented at the 2010 43rd Hawaii International Conference on System Sciences.
  16. D'Arcy, J., Hovav, A., and Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79-98. https://doi.org/10.1287/isre.1070.0160
  17. Dinev, T., and Hart, P. (2004). Internet privacy concerns and their antecedents-measurement validity and a regression model. Behaviour & Information Technology, 23(6), 413-422. https://doi.org/10.1080/01449290410001715723
  18. Dinev, T., and Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems, 8(7), 23.
  19. Duncan, L. A., Schaller, M., and Park, J. H. (2009). Perceived vulnerability to disease: Development and validation of a 15-item self-report instrument. Personality & Individual Differences, 47(6), 541-546. https://doi.org/10.1016/j.paid.2009.05.001
  20. Floyd, D. L., Prentice-Dunn, S., and Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407-429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x
  21. Fogel, J., and Nehmad, E. (2009). Internet social network communities: Risk taking, trust, and privacy concerns. Computers in Human Behavior, 25(1), 153-160. https://doi.org/10.1016/j.chb.2008.08.006
  22. Fornell, C., and Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50. https://doi.org/10.1177/002224378101800104
  23. Fortune (2019). At Google, a Rarity: Men Were Shorted by the Pay Gap, 2019.03.05. Retrieved from https://fortune.com/2019/03/04/google-gender-pay-gap-underpaying-men-wages/.
  24. Garbarino, E., and Strahilevitz, M. (2004). Gender differences in the perceived risk of buying online and the effects of receiving a site recommendation. Journal of Business Research, 57(7), 768-775. https://doi.org/10.1016/S0148-2963(02)00363-6
  25. Gelly, S., and Silver, D. (2007). Combining online and offline knowledge in UCT. Paper presented at the Proceedings of the 24th International Conference on Machine Learning.
  26. Gilbert, D., Lee-Kelley, L., and Barton, M. (2003). Technophobia, gender influences and consumer decision-making for technology-related products. European Journal of Innovation Management, 6(4), 253-263. https://doi.org/10.1108/14601060310500968
  27. Hazari, S., Hargrave, W., Clenney, B. (2008). An empirical investigation of factors influencing information security behavior. Journal of Information Privacy and Security, 4(4), 3-20. https://doi.org/10.1080/2333696X.2008.10855849
  28. Hoque, M. R., Ali, M. A., and Mahfuz, M. A. (2015). An empirical investigation on the adoption of e-Commerce in Bangladesh. Asia Pacific Journal of Information Systems, 25(1), 1-24. https://doi.org/10.14329/apjis.2015.25.1.001
  29. Hubalovsky, S., Hubalovska, M., and Musilek, M. (2019). Assessment of the influence of adaptive E-learning on learning effectiveness of primary school pupils. Computers in Human Behavior, 92, 691-705. https://doi.org/10.1016/j.chb.2018.05.033
  30. Hwang, G. J., Wu, P. H., and Chen, C. C. (2012). An online game approach for improving students' learning performance in web-based problem-solving activities. Computers & Education, 59(4), 1246-1256. https://doi.org/10.1016/j.compedu.2012.05.009
  31. Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95. https://doi.org/10.1016/j.cose.2011.10.007
  32. Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79. https://doi.org/10.1016/j.im.2013.10.001
  33. Johnston, A. C., and Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549-566. https://doi.org/10.2307/25750691
  34. Johnston, A. C., Warkentin, M., and Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113-134. https://doi.org/10.25300/MISQ/2015/39.1.06
  35. Kim, Y. K. (2017). Interaction effect of working in general information communication technology or computer security fields and permanent or temporary on wage, job and workplace satisfaction. Asia Pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, 7(12), 91-100. https://doi.org/10.14257/AJMAHS.2017.12.40
  36. Kirlappos, I., and Sasse, M. A. (2011). Security education against phishing: A modest proposal for a major rethink. IEEE Security & Privacy, 10(2), 24-32. https://doi.org/10.1109/MSP.2011.179
  37. Le Compte, A., Elizondo, D., and Watson, T. (2015). A renewed approach to serious games for cyber security. Paper presented at the 2015 7th International Conference on Cyber Conflict: Architectures in Cyberspace.
  38. Lebek, B., Degirmenci, K., and Breitner, M. H. (2013). Investigating the influence of security, privacy, and legal concerns on employees' intention to use BYOD mobile devices. Proceedings of the 19th Americas Conference on Information Systems, Association for Information Systems(AIS), 1-8.
  39. Lee, E., and Park, I. (2018). The Effect of Video Types on Learning Satisfaction and Academic Achievement in accordance with Visual Cue Presentation. The Journal of Research in Education, 31, 129-153. https://doi.org/10.24299/kier.2018.31.4.129
  40. Lee, S. C., and Kim, J. A. (2018). Factors that affect student satisfaction with online courses. Korean Journal of Educational Administration, 36, 115-138. https://doi.org/10.22553/keas.2018.36.2.115
  41. Lee, Y., and Larsen, K. R. (2009). Threat or coping appraisal: Determinants of SMB executives' decision to adopt anti-malware software. European Journal of Information Systems, 18(2), 177-187. https://doi.org/10.1057/ejis.2009.11
  42. Liang, H., and Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394-413. https://doi.org/10.17705/1jais.00232
  43. Lim, S. H., Sung, J., Kim, D., and Kim, D. J. (2017). A study of consumers' perceived risk, privacy concern, information protection policy, and service satisfaction in the context of parcel delivery services. Asia Pacific Journal of Information Systems, 27(3), 156-175. https://doi.org/10.14329/apjis.2017.27.3.156
  44. Maddux, J. E., and Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469-479. https://doi.org/10.1016/0022-1031(83)90023-9
  45. McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., and Pattinson, M. (2017). Individual differences and information security awareness. Computers in Human Behavior, 69, 151-156. https://doi.org/10.1016/j.chb.2016.11.065
  46. Miron, G., and Urschel, J. (2012). Understanding and improving full-time virtual schools. National Education Policy Center.
  47. Murphy, G. B., and Tocher, N. (2011). Gender differences in the effectiveness of online trust building information cues: An empirical examination. The Journal of High Technology Management Research, 22(1), 26-35. https://doi.org/10.1016/j.hitech.2011.03.004
  48. Park, J. K., Kim, B. S., and Cho, S. W. (2011). Primary factors affecting corporate employees' attitudes toward information security. Korean Management Review, 40(4), 955-985.
  49. Phelps, D. C. (2005). Information system security: Self-efficacy and security effectiveness in Florida Libraries. Doctoral Dissertation. Florida State University.
  50. Prentice-Dunn, S., Mcmath, B. F., and Cramer, R. (2009). Protection motivation theory and stages of change in sun protective behavior. Journal of Health Psychology, 14(2), 297-305. https://doi.org/10.1177/1359105308100214
  51. Puhakainen, P., and Siponen, M. (2010). Improving employees' compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757-778. https://doi.org/10.2307/25750704
  52. QUARTZ (2016). The Amazon says there's no pay gap for women and minorities among its US workforce, Ashley Rodriguez, 2016.03.24. Retrieved from https://qz.com/646389/amazon-says-theres-no-pay-gap-for-women-and-minority-workers-among-its-us-workforce/.
  53. Rhee, H. S., Kim, C., and Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816-826. https://doi.org/10.1016/j.cose.2009.05.008
  54. Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93-114. https://doi.org/10.1080/00223980.1975.9915803
  55. Salloum, S. A., Al-Emran, M., Shaalan, K., and Tarhini, A. (2019). Factors affecting the E-learning acceptance: A case study from UAE. Education & Information Technologies, 24(1), 509-530. https://doi.org/10.1007/s10639-018-9786-3
  56. Schneier, B. (2000). Semantic attacks: The third wave of network attacks. Crypto-Gram Newsletter, October 2000.
  57. Schunk, D. H., and DiBenedetto, M. K. (2016). Self-efficacy theory in education. In K. R. Wentzel, and D. B. Miele (Eds.), Handbook of motivation at school (pp. 34-54). Rotledge.
  58. Schunk, D. H., and Usher, E. L. (2012). Social cognitive theory. In T. Urdan, K. R. Harris, and S. Graham (Eds.), APA educational psychology handbook (Vol. 1). American Psychological Society.
  59. Sheehan, K. B. (1999). An investigation of gender differences in on-line privacy concerns and resultant behaviors. Journal of Interactive Marketing, 13(4), 24-38. https://doi.org/10.1002/(SICI)1520-6653(199923)13:4<24::AID-DIR3>3.0.CO;2-O
  60. Siponen, M., Mahmood, M. A., and Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
  61. Son, M. J., Yoon, T. Y., and Lee, S. C. (2014). General quality research: Clinical information protection behavior in a medical institution: Based on health psychology theories. Journal of the Korean Society for Quality Management, 42(2), 153-163.
  62. Stajkovic, A. D., and Luthans, F. (1998). Self-efficacy and work-related performance: A meta-analysis. Psychological Bulletin, 124(2), 240-261. https://doi.org/10.1037/0033-2909.124.2.240
  63. Suh, M. S., and Hee, K. S. (2002). The effect of consumer's emotion experienced during internet shopping according to gender. Journal of Global Academy of Marketing Science, 9(1), 101-128. https://doi.org/10.1080/12297119.2002.9707311
  64. Thirunarayanan, M., and Perez-Prado, A. (2001). Comparing web-based and classroom-based learning: A quantitative study. Journal of Research on Technology in Education, 34(2), 131-137. https://doi.org/10.1080/15391523.2001.10782340
  65. Van Bavel, R., Rodriguez-Priego, N., Vila, J., and Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies, 123, 29-39. https://doi.org/10.1016/j.ijhcs.2018.11.003
  66. Vance, A., Siponen, M., and Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3-4), 190-198. https://doi.org/10.1016/j.im.2012.04.002
  67. Woon, I., Tan, G. W., and Low, R. (2005). A protection motivation theory approach to home wireless security. ICIS 2005 Proceedings, 31.
  68. Yu, J. G. (2013). A study of educational service quality in university: Focus on online/offline lectures. Journal of Korea Service Management Society, 14(3), 79-104. https://doi.org/10.15706/JKSMS.2013.14.3.005
  69. Zimmerman, B. J. (2000). Self-efficacy: An essential motive to learn. Contemporary Educational Psychology, 25(1), 82-91. https://doi.org/10.1006/ceps.1999.1016