Behavioral/Experimental Research on Information Security: Opportunities for AIS Researchers. Paul John Steinbart Arizona State University IS Section Midyear Meeting Scottsdale, AZ January 6, 2006.
Why do we need behavioral research on information security?

Because people are the key piece of the information security puzzle:
• Policy
• People
• Procedures
• Products

Behavioral/experimental research on information security is needed because
• The history of IT is full of stories about technically superior products/systems that were implementation failures. Therefore …
• Need to research the effect of HUMAN FACTORS on information security effectiveness
  • Individual level
    • Cognitive limitations
    • User attitudes
  • Organizational level
    • Politics
    • System implementation

An example: Passphrases versus passwords
• Ease of use?
• What kinds of problems occur?
• User attitudes?

Two major focal groups to study
• Management
  • What factors influence top management’s attitude toward investing in information security?
  • How can management most effectively increase information security?
• Employees – both end users and security professionals
  • Usability?
  • Attitudes?

Why AIS researchers should do behavioral research on information security
• Training
• Knowledge/understanding of internal control
• Access to data
• “Fit” with what we teach
• Opportunity to contribute to the IS discipline

The bottom line: Behavioral/experimental research is necessary in order to truly understand information security
• Just because an exploit is possible does not mean it is probable
• Just because a new information security policy/procedure/product is “stronger” does not mean that it can be implemented effectively