STUDENT INFORMATION SECURITY BEHAVIOURAL INTENT: ASSESSING THE ACTIONS AND INTENTIONS OF STUDENTS IN A DEVELOPMENTAL UNIVERSITY
1 Walter Sisulu University (SOUTH AFRICA)
2 University of Fort Hare (SOUTH AFRICA)
About this paper:
Appears in:
ICERI2014 Proceedings
Publication year: 2014
Pages: 3524-3532
ISBN: 978-84-617-2484-0
ISSN: 2340-1095
Conference name: 7th International Conference of Education, Research and Innovation
Dates: 17-19 November, 2014
Location: Seville, Spain
Abstract:
The information security behaviour of technology users has become an increasingly popular research area as security experts have come to recognise that while securing technology by means of firewalls, passwords and offsite backups is important, such security may be rendered ineffective if the technology users themselves are not information security conscious. Researchers (Chang and Lin, 2007) suggest that most information security problems are as a result of negligent behaviour rather than attack events. The mobile phone has become a necessity for many students but, at the same time, it exposes them to security threats that may result in a loss of information. Students in developing countries are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more developed societies who can readily access this information from sources like the Internet. The developmental environment is plagued with challenges like access to the Internet or limited access to computers. The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Muyinda (2007) suggests that existing learning theories can be enhanced by using new practices. This paper focuses on assessing how information security management principles can be used to understand the mobile phone information security behavioural intentions of students in a developmental South African university, and in mitigating the threats to student mobile phone information confidentiality. Action research was selected as the appropriate design for this study which notes student mobile phone users exposed to various teaching strategies and their behaviour observed before and after the interventions.