Computer security and risky computing practices: A rational choice perspective

Kregg Aytes, Terence Connolly

Research output: Chapter in Book/Report/Conference proceedingChapter

7 Citations (Scopus)

Abstract

Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to backup work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.

Original languageEnglish (US)
Title of host publicationAdvanced Topics in End User Computing
PublisherIGI Global
Pages257-279
Number of pages23
Volume4
ISBN (Print)9781591404743
DOIs
StatePublished - 2005

Fingerprint

Security of data
Students
Computer hardware
Productivity
hardware
Costs
student
productivity
university
costs

ASJC Scopus subject areas

  • Computer Science(all)
  • Social Sciences(all)

Cite this

Aytes, K., & Connolly, T. (2005). Computer security and risky computing practices: A rational choice perspective. In Advanced Topics in End User Computing (Vol. 4, pp. 257-279). IGI Global. https://doi.org/10.4018/978-1-59140-474-3.ch013

Computer security and risky computing practices : A rational choice perspective. / Aytes, Kregg; Connolly, Terence.

Advanced Topics in End User Computing. Vol. 4 IGI Global, 2005. p. 257-279.

Research output: Chapter in Book/Report/Conference proceedingChapter

Aytes, Kregg ; Connolly, Terence. / Computer security and risky computing practices : A rational choice perspective. Advanced Topics in End User Computing. Vol. 4 IGI Global, 2005. pp. 257-279
@inbook{b61bc4ef3fbd49bdb21f291cb677a7e1,
title = "Computer security and risky computing practices: A rational choice perspective",
abstract = "Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to backup work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.",
author = "Kregg Aytes and Terence Connolly",
year = "2005",
doi = "10.4018/978-1-59140-474-3.ch013",
language = "English (US)",
isbn = "9781591404743",
volume = "4",
pages = "257--279",
booktitle = "Advanced Topics in End User Computing",
publisher = "IGI Global",

}

TY - CHAP

T1 - Computer security and risky computing practices

T2 - A rational choice perspective

AU - Aytes, Kregg

AU - Connolly, Terence

PY - 2005

Y1 - 2005

N2 - Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to backup work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.

AB - Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to backup work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.

UR - http://www.scopus.com/inward/record.url?scp=84900174825&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84900174825&partnerID=8YFLogxK

U2 - 10.4018/978-1-59140-474-3.ch013

DO - 10.4018/978-1-59140-474-3.ch013

M3 - Chapter

AN - SCOPUS:84900174825

SN - 9781591404743

VL - 4

SP - 257

EP - 279

BT - Advanced Topics in End User Computing

PB - IGI Global

ER -