Eyes wide open: The role of situational information security awareness for security‐related behaviour

Most contemporary studies on information security focus on largely static phenomena in examining security‐related behaviours. We take a more dynamic, situational and interactionist approach that proposes that security‐related behaviours result from an interaction between the person and the perceptio...

Full description

Saved in:
Bibliographic Details
Published in:Information systems journal (Oxford, England) England), 2021-05, Vol.31 (3), p.429-472
Main Authors: Jaeger, Lennart, Eckhardt, Andreas
Format: Article
Language:English
Subjects:
Appraisals
contextual relevance
Design factors
Eye movements
eye tracking
misplaced salience
Phishing
Security
Security management
security warning
Situational awareness
situational information security awareness
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Most contemporary studies on information security focus on largely static phenomena in examining security‐related behaviours. We take a more dynamic, situational and interactionist approach that proposes that security‐related behaviours result from an interaction between the person and the perception of a threatening situation. We derive and define situational information security awareness based on situation awareness literature, and examine how individual‐level (innate traits, experience) and system‐level factors (design variations, warning signal) influence awareness, and how it influences subsequent threat and coping appraisals, and ultimately security‐related behaviours in a multi‐method phishing experiment including eye tracking and survey components with 107 employees. The results underscore the importance of situational information security awareness and show that past experience with phishing and a security warning increase awareness, while phishing emails' contextual relevance and misplaced salience decrease awareness. Situational information security awareness, in turn, increases perceived threat and perceived coping efficacy and, ultimately, actual behavioural responses to phishing attacks.
ISSN:1350-1917
1365-2575
DOI:10.1111/isj.12317