Abstract
Information security policies are formalized rules and regulations that employees should follow to avoid unwanted cyber incidents. This paper reports on the findings of a survey among personnel employed in the Norwegian industrial sector. The survey measured how the respondents self-assess their risky behavior and cognitive awareness regarding the importance and likelihood of cyber security events. A modified version of the Behavioral Cognitive Internet Security Questionnaire was used as the survey instrument. The results indicate that the employees in the target group have a low level of risky behavior and a high level of cognitive awareness and that minimal discrepancy between how respondents self-assess and act in the simulation exists. The result should be of interest to practitioners in the field of cybersecurity since training is attributed as the main driver of the obtained results. Furthermore, strong indications exist that the selected literature and theory do not hold true for the Norwegian industry sector.
This work has been funded by the Research Council of Norway under grants 323131 (How to improve Cyber Security performance by researching human behavior and improve processes in an industrial environment) and 310105 (SFI Norwegian Centre for Cybersecurity in Critical Sectors - NORCICS).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cox, A.L., Jr.: What’s wrong with risk matrices? Risk Anal. Int. J. 28(2), 497–512 (2008)
The Brønnøysund Register Centr. https://w2.brreg.no/enhet/sok/index.jsp. Accessed 17 Apr 2023
Fink, A.: How to Conduct Surveys: A Step-by-step Guide. Sage Publications, Thousand Oaks (2015)
Gliem J.A., Gliem R.R.: Calculating, interpreting, and reporting Cronbach’s alpha reliability coefficient for Likert-type scales. In: 2003 Midwest Research to Practice Conference in Adult, Continuing, and Community Education, pp. 82–88. Columbus OH, USA (2003)
Huang, D.-L., Rau, P.-L.P., Salvendy, G.: A survey of factors influencing people’s perception of information security. In: Jacko, J.A. (ed.) HCI 2007. LNCS, vol. 4553, pp. 906–915. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73111-5_100
Kocak, C., Egrioglu, E., Yolcu, U., Aladag, C.H.: Computing Cronbach alpha reliability coefficient for fuzzy survey data. Am. J. Intell. Syst. 4(5), 204–213 (2014)
Kruger, H., Toit, T.D., Drevin, L., Maree, N.: Acquiring sentiment towards information security policies through affective computing. In: Proceedings 2020 2nd International Multidisciplinary Information Technology and Engineering Conference (IMITEC), pp. 1–6. IEEE Press, New York City (2020)
Kurowski, S.: Response biases in policy compliance research. Inf. Comput. Secur. 28(3), 445–465 (2019)
Oueslati, N.E., Mrabet, H., Jemai, A., Alhomoud, A.: Comparative study of the common cyber-physical attacks in industry 4.0. In: Proceedings 2019 International Conference on Internet of Things. Embedded Systems and Communications (IINTEC), pp. 1–7. IEEE Press, New York City (2019)
Parsons, K., McCormac, A., Butavicius, M., Ferguson, L.: Human factors and information security: individual, culture and security environment. Command, Control, Communications and Intelligence Division DSTO Defence Science and Technology Organisation, Edinburgh South Australia 5111, Australia (2010)
Reeves, A., Parsons, K., Calic, D.: Whose risk is it anyway: how do risk perception and organisational commitment affect employee information security awareness? In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 232–249. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50309-3_16
Vaske, J.J., Beaman, J., Sponarski, C.C.: Rethinking internal consistency in Cronbach’s alpha. Leis. Sci. 39(2), 163–173 (2017)
Velki, T.: Psychologists as information-communication system users: is this bridge between information-communication and behavioral science enough to prevent risky online behaviors? In: Proceedings of 2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO), pp. 1048–1052. IEEE Press, New York City (2022)
Velki, T., Mayer, A., Norget, J.: Development of a new international behavioral-cognitive internet security questionnaire: preliminary results from Croatian and German samples. In: Proceedings of 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1209–1212. IEEE Press, New York City (2019)
Velki, T., Šolić, K.: Development and validation of a new measurement instrument: the behavioral-cognitive internet security questionnaire (BCISQ). Int. J. Electr. Comput. Eng. Syst. 10(1.), 19–24 (2019)
Velki, T., Šolić, K., Žvanut, B.: Cross-cultural validation and psychometric testing of the Slovenian version of the Croatian behavioral-cognitive internet security questionnaire. Elektrotehniški Vestnik 89(3), 103–108 (2022)
Kannelønning, K., Katsikas, S.K.: A systematic literature review of how cybersecurity-related behavior has been assessed. Information and Computer Security ahead-of-print (ahead-of-print) (2023). https://doi.org/10.1108/ICS-08-2022-0139
McCormac, A., Calic, D., Butavicius, M.A., Parsons, K., Zwaans, T., Pattinson, M.R.: A reliable measure of information security awareness and the identification of bias in responses. Australas. J. Inf. Syst. 21 (2017)
Kitchenham, B., Pfleeger, S.L.: Principles of survey research part 4: questionnaire evaluation. SIGSOFT Softw. Eng. Notes 27(3), 20–23 (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kannelønning, K., Katsikas, S. (2023). Cybersecurity-Related Behavior of Personnel in the Norwegian Industry. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-38530-8_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38529-2
Online ISBN: 978-3-031-38530-8
eBook Packages: Computer ScienceComputer Science (R0)