Influence of Cumulative Risk Priming on Security Update Decision Making

Shieh, Michael; Rajivan, Prashanth

doi:10.1177/1071181321651068

Cited by 1 publication

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As Rosoff et al (2013) found that negatively framed messages focused on risks and adverse consequences can prompt safer cyber behaviour, it may be that the use of affective priming will have more of an impact as it focuses on the negative implications for individuals of poor cyberhygiene behaviour. Given that Shieh and Rajivan (2021) show that some forms of priming have only short-lived, momentary effects on user behaviour, it is also likely that single-shot priming interventions alone are not sufficient in a cybersecurity context. More intensive interventions, potentially involving longer or multiple sessions for reinforcement, may be required to have a significant effect.…”

Section: Discussionmentioning

confidence: 99%

“…Priming can be used to disrupt system 1 thinking and prompt individuals to activate system 2 thinking, thus heightening the likelihood that they will respond appropriately to, for example, cybersecurity risks they might be facing (Sharma et al, 2021). Empirical work is emerging to support this logic, with evidence that priming interventions can reduce risky behaviour related to information security (Sharma et al, 2021), that priming individuals with the negative outcomes of risky behaviours can prompt safer cybersecurity choices (Rosoff et al, 2013), and that "risk priming" can momentarily affect users' security update decisions (Shieh and Rajivan, 2021). However, there is also evidence that priming may be ineffective against more sophisticated forms of cyberattacks (Junger et al, 2017).…”

Section: Security Awareness and Practice Of University Studentsmentioning

confidence: 99%

“…, 2021), that priming individuals with the negative outcomes of risky behaviours can prompt safer cybersecurity choices (Rosoff et al. , 2013), and that “risk priming” can momentarily affect users’ security update decisions (Shieh and Rajivan, 2021). However, there is also evidence that priming may be ineffective against more sophisticated forms of cyberattacks (Junger et al.…”

Section: Background Literature and Research Questionsmentioning

confidence: 99%

See 2 more Smart Citations

The influence of ethical principles and policy awareness priming on university students’ judgements about ICT code of conduct compliance

Richards

Khan²,

Formosa³

et al. 2022

OCJ

View full text Add to dashboard Cite

PurposeTo protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to confirm they will abide by an ICT Code of Conduct. Before commencing enrolment, university students sign ICT policies, however, individuals can ignore or act contrary to these policies. This study aims to evaluate whether students can apply ICT Codes of Conduct and explores viable approaches for ensuring that students understand how to act ethically and in accordance with such codes.Design/methodology/approachThe authors designed a between-subjects experiment involving 260 students’ responses to five scenario-pairs that involve breach/non-breach of a university’s ICT policy following a priming intervention to heighten awareness of ICT policy or relevant ethical principles, with a control group receiving no priming.FindingsThis study found a significant difference in students’ responses to the breach versus non-breach cases, indicating their ability to apply the ICT Code of Conduct. Qualitative comments revealed the priming materials influenced their reasoning.Research limitations/implicationsThe authors’ priming interventions were inadequate for improving breach recognition compared to the control group. More nuanced and targeted priming interventions are suggested for future studies.Practical implicationsAppropriate application of ICT Code of Conduct can be measured by collecting student/employee responses to breach/non-breach scenario pairs based on the Code and embedded with ethical principles.Social implicationsShared awareness and protection of ICT resources.Originality/valueCompliance with ICT Codes of Conduct by students is under-investigated. This study shows that code-based scenarios can measure understanding and suggest that targeted priming might offer a non-resource intensive training approach.

show abstract

Section: Discussionmentioning

confidence: 99%