Abstract:

The information security behaviour of technology users has become an increasingly popular research area as security experts have come to recognise that while securing technology by means of firewalls, passwords and offsite backups is important, such security may be rendered ineffective if the technology users themselves are not information security conscious. Researchers (Chang and Lin, 2007) suggest that most information security problems are as a result of negligent behaviour rather than attack events. The mobile phone has become a necessity for many students but, at the same time, it exposes them to security threats that may result in a loss of information. Students in developing countries are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more developed societies who can readily access this information from sources like the Internet. The developmental environment is plagued with challenges like access to the Internet or limited access to computers. The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Muyinda (2007) suggests that existing learning theories can be enhanced by using new practices. This paper focuses on assessing how information security management principles can be used to understand the mobile phone information security behavioural intentions of students in a developmental South African university, and in mitigating the threats to student mobile phone information confidentiality. Action research was selected as the appropriate design for this study which notes student mobile phone users exposed to various teaching strategies and their behaviour observed before and after the interventions.