CULTURAL AND PSYCHOLOGICAL FACTORS IN CYBER-SECURITY
Keywords:
Cyber-Security, Culture, Personality Traits, Privacy, Human FactorsAbstract
Increasing cyber-security presents an ongoing challenge to security professionals. Research continuously suggests that online users are a weak link in information security. This research explores the relationship between cyber-security and cultural, personality and demographic variables. This study was conducted in four different countries and presents a multi-cultural view of cyber-security. In particular, it looks at how behaviour, self-efficacy and privacy attitude are affected by culture compared to other psychological and demographics variables (such as gender and computer expertise). It also examines what kind of data people tend to share online and how culture affects these choices. This work supports the idea of developing personality based UI design to increase users’ cyber-security. Its results show that certain personality traits affect the user cyber-security related behaviour across different cultures, which further reinforces their contribution compared to cultural effects.
Downloads
References
Strategy-culture-change. Available at: https://geert-hofstede.com/countries.html.
Survey Instrument. Available at: http://bit.ly/1Y3jDpc.
L. Chen and D. Farkas, “An Investigation of Decision-Making and the Trade-offs involving
Computer Security Risk,” Proc. of the Americas Conference on Information Systems, 2009.
P. Chua, E. Spiresa, and T. Sueyoshi, “Cross-Cultural Differences in Choice Behaviour and Use of
Decision Aids: A Comparison of Japan and the United States,” Organizational Behaviour and
Human Decision Processes, pp147–170, 1999.
P. Costa and R. McCrae, “NEO PI-R professional manual,” Psychological Assessment Resources,
FL, 1992.
B. Englich and K. Soder, “Moody experts - How mood and expertise influence judgmental
anchoring,” Judgment and Decision Making, 4(1), pp41 – 50, February 2009.
M. Finucane, P. Slovic, C. Mertz, J. Flynn, and T. Satterfield, “Gender, Race, and Perceived Risk:
The ’white male’ Effect,” Health, Risk & Society, 2(2), pp159–172, 2000.
T. Halevi, T. Kuppusamy, M. Caiazzo, and N. Memon, “Investigating users’ readiness to trade-off
biometric fingerprint data,” IEEE Intl. Conf. on Identity, Security and Behaviour Analysis, 2015.
T. Halevi, J. Lewis, and N. Memon, “A pilot study of cyber security and privacy related behaviour
and personality traits,” Proc. of the Int. Conf. on World Wide Web Companion, pp737–744, 2013.
M. Jakobsson and S. Myers, “Phishing and Countermeasures: Understanding the Increasing
Problem of Electronic Identity Theft,” Wiley-Interscience, 2006.
Jane Hill Shea, “Attitudes Toward Privacy: A Comparison of India and the United States,” 2007.
Available at: http://www.frostbrowntodd.com/resources-214.html.
M. Kajzer, J. Darcy, C. Crowel, and D. Bruggen. “An exploratory investigation of message-person
congruence in information security awareness campaigns,” Computers and Security, 43, pp64 –
, 2014.
R. Lemos, “Kaspersky Security Bulletin, Overall statistics for 2013.” 2013. Available at:
https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_st
atistics_for_2013#07.
R. Lemos, “Targeted Attacks, Weak Passwords Top IT Security Risks in 2013”. Available at:
http://www.eweek.com/security/targeted-attacks-weakpasswords-top-it-security-risks-in-2013/.
R. McCrae and O. John, “An Introduction to the Five-Factor Model and Its Applications,” Journal
of Personality, 60(2), pp175 – 215, 1992.
Microsoft, “Zeroing In on Malware Propagation Methods,” Microsoft Security Intelligence
Report, 2011.
O. Nov and O. Arazy, “An Investigation of Decision-Making and the Trade-offs involving
Computer Security Risk,” Proc. of Conf. on Computer Supported Cooperative Work, pp977–984,
O. Nov, O. Arazy, C. Lopez, and P. Brusilovsky, “Exploring personality-targeted UI design in
online social participation systems,” Proc. of SIGCHI Conf. on Human Factors in Computing
Systems, pp. 361–370, 2013.
P. Kumaraguru, L. Cranor, and E. Newton, “Privacy Perceptions in India and the United States:
An Interview Study,” 2005. Available at:
attp://precog.iiitd.edu.in/Publications_files/tprc_2005_pk_lc_en.pdf.
P. Slovic and E. Weber, “Perception of Risk Posed by Extreme Events,” Risk Management
Strategies in an Uncertain World, 2002.
S. Mathiyalakan, G. Heilman and S. White, “Gender Differences in Student Attitude toward
Privacy in Facebook,” Communications of the IIMA, 13(4), pp34 – 42, 2013.
S. Paril, A. Kosba, A. John, and D. Seligmann, “Comparing privacy attitudes of knowledge
workers in U.S. and India,” Proc. of Int. Conf. on Intercultural Collaboration, pp141–150, 2010.
B. Schneier, “Fear and the Availability Heuristic,” 2009. Available at:
https://www.schneier.com/blog/archives/2009/03/fear_and_the_av.html.
M. Sleeper, A. Acquisti, L. Cranor, P. Kelley, S. Munsonz, and N. Sadeh. “I Would Like To..., I
Shouldn‘t..., I Wish I...: Exploring Behaviour-Change Goals for Social Networking Sites,” Proc.
of ACM Conf. on Computer Supported Cooperative Work and Social Computing, pp1058–1069,
A. Tversky and D. Kahneman, “Judgment under Uncertainty: Heuristics and Biases,” Science
New Series, pp1124–1131, 1974.
A. Zuffiano, G. Alessandri, M. Gerbino, B. Kanacri, L. Giunta, M. Milioni, and G. Caprara,
“Academic achievement: The unique contribution of self-efficacy beliefs in self-regulated learning
beyond intelligence, personality traits, and self-esteem,” Learning and Individual Differences,
