Name
Title | ||
|---|---|---|
Investigating the Correlation between Intention and Action in the Context of Social Engineering in Two Different National Cultures |
Abstract | ||
|---|---|---|
In this paper, we shed a light on the intention-action relationship in the context of external behavioral information security threats. Specifically, external threats caused by employees' social engineering security actions were examined. This was done by examining the correlation between employees' reported intention to resist social engineering and their self-reported actions of hypothetical scenarios as well as observed action in a phishing experiment. Empirical studies including 1787 employees pertaining to six different organizations located in Sweden and USA laid the foundation for the statistical analysis. The results suggest that employees' intention to resist social engineering has a significant positive correlation of low to medium strength with both self-reported action and observed action. Furthermore, a significant positive correlation between social engineering actions captured through written scenarios and a phishing experiment was identified. Due to data being collected from employees from two different national cultures, an exploration of potential moderating effect based on national culture was also performed. Based on this analysis we identified that the examined correlations differ between Swedish, and US employees. The findings have methodological contribution to survey studies in the information security field, showing that intention and self-reported behavior using written scenarios can be used as proxies of observed behavior under certain cultural contexts rather than others. Hence, the results support managers operating in a global environment when assessing external behavioral information security threats in their organization. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.1109/HICSS.2015.422 | System Sciences |
Keywords | Field | DocType |
behavioural sciences computing,cultural aspects,human factors,personnel,security of data,social sciences computing,statistical analysis,sweden,swedish employees,us employees,usa,employee intention,employee social engineering security actions,external behavioral information security threats,information security field,intention-action correlation,intention-action relationship,national cultures,phishing experiment,self-reported action,self-reported behavior,information security,correlation,cultural differences,organizations,resists,technology | Phishing,Computer science,Social engineering (security),National culture,Knowledge management,Information security,Cultural diversity,Global environmental analysis,Correlation,Empirical research | Conference |
ISSN | Citations | PageRank |
1530-1605 | 1 | 0.35 |
References | Authors | |
16 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Waldo Rocha Flores | 1 | 82 | 6.92 |
| Hannes Holm | 2 | 191 | 14.59 |
| Mathias Ekstedt | 3 | 634 | 49.70 |
| Marcus Nohlberg | 4 | 44 | 9.25 |