Information security conscious care behaviour formation in organizations

Nader Sohrabi Safa, Mehdi Sookhak, Rossouw Von Solms, Steven Furnell, Norjihan Abdul Ghani, Tutut Herawan

Research output: Contribution to journalArticlepeer-review

231 Citations (Scopus)


Today, the Internet can be considered to be a basic commodity, similar to electricity, without which many businesses simply cannot operate. However, information security for both private and business aspects is important. Experts believe that technology cannot solely guarantee a secure environment for information. Users' behaviour should be considered as an important factor in this domain. The Internet is a huge network with great potential for information security breaches. Hackers use different methods to change confidentiality, integrity, and the availability of information in line with their benefits, while users intentionally or through negligence are a great threat for information security. Sharing their account information, downloading any software from the Internet, writing passwords on sticky paper, and using social security numbers as a username or password are examples of their mistakes. Users' negligence, ignorance, lack of awareness, mischievous, apathy and resistance are usually the reasons for security breaches. Users' poor information security behaviour is the main problem in this domain and the presented model endeavours to reduce the risk of users' behaviour in this realm. The results of structural equation modelling (SEM) showed that Information Security Awareness, Information Security Organization Policy, Information Security Experience and Involvement, Attitude towards information security, Subjective Norms, Threat Appraisal, and Information Security Self-efficacy have a positive effect on users' behaviour. However, Perceived Behavioural Control does not affect their behaviour significantly. The Protection Motivation Theory and Theory of Planned Behaviour were applied as the backbone of the research model.

Original languageEnglish
Pages (from-to)65-78
Number of pages14
JournalComputers and Security
Early online date3 Jun 2015
Publication statusPublished - 3 Sept 2015
Externally publishedYes


  • Awareness
  • Conscious care behaviour
  • Information security
  • Organization policy
  • Risk

ASJC Scopus subject areas

  • Computer Science(all)
  • Law


Dive into the research topics of 'Information security conscious care behaviour formation in organizations'. Together they form a unique fingerprint.

Cite this