In quest of information security in higher education institutions: security awareness, concerns and behaviour of students

Research output: Thesis / Doctoral Thesis

Abstract

Humans, often suggested as the weakest link in information security, require security education, training and awareness (SETA) programs to strengthen themselves against information security threats. These SETA programs improve security awareness (also called information security awareness or ISA), which makes users conscious of information security threats and risks and motivates them to learn the knowledge and measures needed to safeguard their information security. Studies have shown that most SETA programs do not achieve their desired objectives and have proven ineffective. This ineffectiveness is probably because: 1) current SETA programs are designed as a one-size-fits-all solution and are not tailored to users’ needs, 2) users are not included in the design phase of the SETA programs and 3) the SETA programs lack theory-grounded approaches. Furthermore, the relationship between ISA and security behaviour also needs explanation. This thesis sets out to address the issues mentioned above.

In this thesis, four separate studies grounded in both quantitative and qualitative methods are conducted. Cross-sectional data from students of a single case was collected using online surveys, with one exception in which data was collected as part of a class assignment. The results showed that, in general, students believed they knew more than they actually did. The impacts of gender, previous training, and educational discipline were evident on security knowledge, behaviour, perceived awareness and actual awareness.

Students have a wide range of security concerns, related to the personal, social, technological, non-technological and institutional dimensions of everyday life, and not just the technological and non-technological aspects shown in the existing literature. Further, students differ significantly from security experts in terms of their security practices. However, aware students (having training in information security) were more similar in security practices to security experts than the unaware students (having no formal or informal information security training). Lastly, it was found that the relationship between ISA and security behaviour can be explained using the Information-Motivation-Behavioural Skills (IMB) model. The research presented in this thesis has implications for faculty members who teach students and the security professionals responsible for information security of higher education institutions.

Original language: English
Qualification: PhD
Awarding Institution
  • University of Turku
Supervisors/Advisors
  • Isoaho, Jouni, Supervisor, External person
  • Virtanen, Seppo, Supervisor, External person
Award date: 29 Nov 2019
Place of Publication: Turku, Finland
Print ISBNs: 9789521238796
Publication status: Published - 22 Nov 2019

Keywords

  • thesis
  • information security
  • higher education
