Assessing the Level of Cybersecurity Awareness and Practices of Application Users and Their Impact on Privacy Policy Consents: A Case Study in Application Downloading (original) (raw)
Related papers
Between privacy and security: the factors that drive intentions to use cyber-security applications
Behaviour & Information Technology, 2020
Installing security applications is a common way to protect against malicious apps, phishing emails, and other threats in mobile operating systems. While these applications can provide essential security protections, they also tend to access large amounts of people's sensitive information. Therefore, individuals need to evaluate the trade-off between the security features and the privacy invasion when deciding on which protection mechanisms to use. In this paper, we examine factors affecting the willingness to install mobile security applications by taking into account the invasion levels and security features of cyber-security applications. To this end, we propose a visual language that depicts the coverage of different security features as well as privacy intrusiveness levels. Our user study (n=300) shows that users assessing security applications find their trade-off balance in highly secure apps with a medium level of privacy invasion. The results indicate that a low privacy invasion might signal that the security application provides less security. We discuss these findings in the context of understanding the trade-off between privacy and security.
Proceedings of the 1st International Conference on Contemporary Risk Studies, ICONIC-RS 2022, 31 March-1 April 2022, South Jakarta, DKI Jakarta, Indonesia
Downloading and installing mobile application means dealing with approval of access permissions on features that store various personal data on the phone. This situation creates uncomfortable feelings and dilemmas for users because of the need for applications, but on the other hand users feel confused or feel insecure by giving access permissions to parties who store various personal data. This research was conducted to understand the psychological aspects experienced by users when deciding to download the mobile application, prioritizing a qualitative approach with data collection in the form of in-depth interviews. The participants in this study were Generation Z, the most smartphone users according to the Indonesian Internet Service Providers Association (APJII). The results of this study are expected to assist young users in designing risk information that is tailored to their comfort needs and mindful behavior using technology.
Mobile application security: Role of perceived privacy as the predictor of security perceptions
International Journal of Information Management, 2020
Despite mobile applications being at the frontier of mobile computation technologies, security issues pose a threat to their adoption and diffusion. Recent studies suggest that security violations could be mitigated through improved security behaviors and attitudes, not just through better technologies. Existing literature on behavioral security suggests that one of the main predictors of users' perceptions of security is their perceived privacy concerns. Using communication privacy management theory (CPM), this study examines the effects of privacy-related perceptions, such as privacy risk and the effectiveness of privacy policies, on the security perceptions of mobile app users. To empirically test the proposed theoretical model, two survey studies were conducted using mobile apps requesting less sensitive information (n = 487) and more sensitive information (n = 559). The findings show that the perceived privacy risk negatively influences the perceived security of the mobile apps; the perceived effectiveness of a privacy policy positively influences user perceptions of mobile app security; and perceived privacy awareness moderates the effect of perceived privacy risk on the perceived security of mobile apps. The results also suggest that users have different privacy-security perceptions based on the information sensitivity of the mobile apps. Theoretical and practical implications are discussed.
Security and Privacy Related Online Behavior of Experienced ICT Users
Proceedings of the 27th International Conference on Organizational Science Development
The increase in the number and variety of potential security and privacy threats puts emphasis on the behaviors of Internet users regarding their use of computer systems and the Internet. The assumptions and habits of Internet users have a great influence on the level of their online privacy and security. The identification of typical behaviors which represent a threat to online security and privacy may help in user education and design of warning systems and applications for protection from malicious software. In our survey the data were collected from 312 college students with good knowledge of information technology and with experience in the use of the Internet. The responses of the subjects revealed that most of them regularly updated their operating systems and antivirus software on their computers. However, a substantial percent of the respondents in the survey tended to perform potentially risky or careless online activities like file sharing, visits to “ untrustworthy” web pages and alike. Results indicate that, even though there are diverse factors which influence the occurrence of malware/spyware infections on personal computers, the risky and careless behaviors of Internet users could be among the main causes of security and privacy problems of experienced ICT users.
Computer Security Behavior and Awareness: An Empirical Case Study
International Journal on Perceptive and Cognitive Computing, 2019
The purpose of this study is to investigate the student’s behavior towards information security and test critical factors that are affecting its awareness, which was carried out among the undergraduate students of An-Najah National University, Palestine. Previous studies have shown that end-users present the weakest link in the security chain. The attacks on computer systems are continuously becoming serious problems which raise the interest among researchers. In achieving the goal of this study, surveys of 80 university students' data were collected and analyzed using SPSS to examine the theoretical model. It is hoped that the outcome of this study will contribute in developing a proper understanding of the factors influencing the behavior of university students towards information security behavior. Additionally, it is anticipated that the findings of this study to lead to more awareness programs that can be used to promote privacy and security protection behaviors of informat...
Measuring Information Security Awareness of Indonesian Smartphone Users
TELKOMNIKA (Telecommunication Computing Electronics and Control), 2014
One of the information security management elements is an information security awareness programme. Usually, this programme only involves the employees within an organisation. Some organisations also consider security awareness for some parties outside the organisation like providers, vendors, and contractors. This paper add consumers as variables to be considered in an information security awareness programme as there are also some threats for the organisation through them. Information security awareness will be measured from a user's knowledge, behaviour, and attitude of five information security focus areas in telecommunications, especially related to smartphone users as one segment of telecommunication providers. For smartphone users, information security threats are not only from the Internet, but also from phone calls or texting. Therefore, the focus area in this research consists of adhering to security policy, protecting personal data, fraud/spam SMS, mobile applications, and reporting a security incident. This research uses an analytic hierarchy process (AHP) method to measure the information security awareness level from smartphone users. In total, the result indicated that the awareness level is good (80%). Although knowledge and attitude dimension are good criteria of the awareness level, the behaviour dimension is average. It can be a reason why there are still many information security breaches against smartphone users despite a good awareness level.
Proceedings of The Asist Annual Meeting, 2009
Data Leakage Worldwide, a 2008 research study commissioned by Cisco Systems, Inc. explored the information security behaviors of information technology (IT) users and decision makers in ten countries around the world. Based upon an online survey, the results published by Cisco Systems concluded that end users engage in risky information security behaviors that negatively impacted the companies for which the worked. The survey also revealed differences in awareness of proper security practices between end users and IT decision makers, as well as a lack of effectiveness in company security policies. One important aspect of the research was the exploration of differences in information security behaviors between respondents in different countries. While the Cisco study is important, a number of questions exist regarding the methods used, data collected, and conclusions made in the survey publications. But regardless of these critiques, the study provides a useful starting point for research into human information security behaviors.
Systematic Literature Review: Information security behaviour on smartphone users
Environment-behaviour proceedings journal, 2022
Information such as bank access, password, and location data stored in the smartphone has become the primary target for cybercriminals. As the users are frequently stated as the weakest link in the information security chain, therefore, there is a need to investigate users' security behavior in the smartphone context. Using the systematic literature review approach, a total of 48 research articles were analyzed to summarizes the developments of Information Security literature on smartphone users. The findings suggest, Qualitative Approach are most adopted approach and Protection Motivation Theory is the most adopted theory in this field.
Empirical study on ICT system's users' risky behavior and security awareness
2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015
In this study authors gathered information on ICT users from different areas in Croatia with different knowledge, experience, working place, age and gender background in order to examine today's situation in the Republic of Croatia (n=701) regarding ICT users' potentially risky behavior and security awareness. To gather all desired data validated Users' Information Security Awareness Questionnaire (UISAQ) was used. Analysis outcome represent results of ICT users in Croatia regarding 6 subareas (mean of items): Usual risky behavior (x 1 =4.52), Personal computer maintenance (x 2 =3.18), Borrowing access data (x 3 =4.74), Criticism on security in communications (x 4 =3.48), Fear of losing data (x 5 =2.06), Rating importance of backup (x 6 =4.18). In this work comparison between users regarding demographic variables (age, gender, professional qualification, occupation, managing job position and institution category) is given. Maybe the most interesting information is percentage of questioned users that have revealed their password for professional e-mail system (28.8%). This information should alert security experts and security managers in enterprises, government institutions and also schools and faculties. Results of this study should be used to develop solutions and induce actions aiming to increase awareness among Internet users on information security and privacy issues.
Jurnal Teknologi Informasi dan Pendidikan
Mobile usage has become a part of our daily lives. However, many mobile users ignore the existence of app permissions in an app. One of the reasons is the lack of information related to app permissions. If users are not careful, app permissions can be abused by hackers to steal their data such as SMS, photos, microphone access, and GPS. The purpose of this study is to observe the perspective of university students in Batam regarding app permissions as well as to see the consequences of that perspective. The basis of this research is using survey method for 132 social media users and regression. This study proves that mobile users’ information privacy concerns have an influence on the intention to accept app permissions, which means that university students of Batam tend to consider personal information privacy on mobile before accepting app permissions. However, computer anxiety and perceived control do not affect mobile users’ information privacy concerns, which means university st...