UUttaahh SSttaattee UUnniivveerrssiittyy DDiiggiittaallCCoommmmoonnss@@UUSSUU All Graduate Theses and Dissertations Graduate Studies 5-2011 TThhee AAddooppttiioonn ooff CCoommppuutteerr SSeeccuurriittyy:: AAnn AAnnaallyyssiiss ooff HHoommee PPeerrssoonnaall CCoommppuutteerr UUsseerr BBeehhaavviioorr UUssiinngg tthhee HHeeaalltthh BBeelliieeff MMooddeell Chester L. Claar Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Management Information Systems Commons RReeccoommmmeennddeedd CCiittaattiioonn Claar, Chester L., "The Adoption of Computer Security: An Analysis of Home Personal Computer User Behavior Using the Health Belief Model" (2011). All Graduate Theses and Dissertations. 878. https://digitalcommons.usu.edu/etd/878 This Dissertation is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. THE ADOPTION OF COMPUTER SECURITY: AN ANALYSIS OF HOME PERSONAL COMPUTER USER BEHAVIOR USING THE HEALTH BELIEF MODEL by Chester L. Claar A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in Education (Management Information Systems) Approved: _______________________ ________________________ Dr. Jeffrey J. Johnson Dr. David J. Paper Major Professor Committee Member _______________________ ________________________ Dr. Zsolt G. Ugray Dr. Kelly J. Fadel Committee Member Committee Member _______________________ _______________________ Dr. Jean M. Lown Dr. Byron R. Burnham Committee Member Dean of Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2011 ii Copyright © Chet L. Claar 2011 All Rights Reserved iii ABSTRACT The Adoption of Computer Security: An Analysis of Home Personal Computer User Behavior using the Health Belief Model by Chester L. Claar, Doctor of Philosophy Utah State University, 2011 Major Professor: Dr. Jeffrey Johnson Department: Management Information Systems The primary purpose of this research was to examine the adoption of computer security software in the home computer environment. The use of the Health Belief Model as a framework to design a model to examine home user adoption of computer security provided the basis for this research. The method of the investigation was a cross-sectional study using a self-reported web-based survey to test the theoretical model derived from the Health Belief Model. The survey targeted individuals who are responsible for the selection, installation, and maintenance of software on their home computers. The data collection relied on a snowball sampling technique that recruited a total of 186 participants who completed the online survey. The research model contains a total of 26 hypothesized relationships that were tested using multiple regression analysis techniques. The research model contains six iv main predicting variables (perceived vulnerability, perceived severity, perceived benefits, perceived barriers, self-efficacy, and cues to action) and four moderating variables (age, gender, education, and prior experience of attack). The model explains 30.4% of the variance in computer security usage, the dependent variable in the research model. The results demonstrate that certain constructs found in the Health Belief Model are more effective than others in motivating individuals to utilize computer security software. Specifically, the results show that perceived vulnerability (H1), perceived barriers (H4), self-efficacy (H5), and the two-way interactions of age and barriers (H8d), education and benefits (H9c), prior experience and perceived severity (H10b), and prior experience and self-efficacy (H10e) had significant effects on computer security usage. Additionally, prior experience was found to have a significant main effect on the dependent variable. Information from this research provides evidence that the Health Belief Model can be used to study the computer security usage behavior of home computer users. Further, the relationship of perceived vulnerability and computer security usage provides a way for practitioners to increase computer security usage behavior through targeted media campaigns. (149 pages) v ACKNOWLEDGMENTS The journey to this culminating project has been quite an adventure. While it may seem to most that finishing an undertaking of such magnitude is an individual accomplishment, I have found that this accomplishment belongs to many. I have been inspired and assisted by many over the course of my education, and I need to thank all of those responsible for helping me live the dream. First I would like to thank those who helped to set me on the path to graduate school. My decision to become a teacher was inspired by the great instructors and professors I had during my undergraduate education. My sincere thanks go out to Mr. Paul Stowell, Mr. Don Border, Mr. Chuck Wahle, Dr. Brad Smith, Dr. Wayne Klemin, Dr. Lori Braunstein, Dr. David Rawlinson, Dr. Robert Perkins, Dr. Connie Roberts, and Dr. Kim Bartel. Your commitment to education, your belief in my aptitude, and your encouragement inspired me to follow in your footsteps. Next I would like to thank all my committee members. My sincere gratitude goes to my committee chair and mentor, Dr. Jeff Johnson. He spent countless hours working with me on developing this research and completing this project. To Dr. David Paper, I want to extend special thanks for his involvement with my committee and for being a great friend and mentor over the last several years. Our conversations were not only beneficial for my academic success, but for life in general. I always knew that you would be there should I be struggling and needing someone to listen. Dr. Kelly Fadel, your help with my methodology and analysis has been invaluable and I can’t thank you enough for keeping me on the correct path. Dr. Zsolt Ugray, the patience you have shown, as I would vi frequently drop by to discuss research, has not gone unappreciated. To Dr. Jean Lown, I appreciate the guidance you have given and your willingness to participate in this process. I would like to thank all of the doctoral students in this program, both past and present. I have found along this journey that one of the best ways to navigate the hidden dangers is to talk with those who have walked the path ahead. The doctoral students that came before me have been instrumental in my success and I would like to thank them all for the guidance and encouragement they have given me over the last several years. My gratitude goes out to Matt H., Bryan, Wei, Richard, and Joey. Next I would like to thank Jason, Kelley, and Matt. As fellow doctoral students, we walked the path together. The encouragement and advice you have given me over the last few years has helped to make this journey possible. A journey of this enormity is typically full of sacrifices. No one has sacrificed more than my family. I owe my biggest thanks to the love of my life, my soul mate, and my wife, Jona. She has always believed in me, even when I didn’t. Without her love and support, I would not have been able to finish. I also owe much to my two fantastic children, Christopher and Daniel. They have endured not having their father available to them as much as they needed over the years and they have had to say goodbye to many friends as I have moved from one university to another. While they had to sacrifice much, they have always been there to ensure I did not give up. And finally, to the rest of my family, I want to thank you all for your love, support, and belief in my abilities. Chester L. Claar vii CONTENTS Page ABSTRACT..................................................................................................................... iii ACKNOWLEDGMENTS .............................................................................................. v LIST OF TABLES .......................................................................................................... ix LIST OF FIGURES ........................................................................................................ x CHAPTER I. INTRODUCTION .................................................................................. 1 Problem Statement .................................................................................. 2 Purpose Statement ................................................................................... 2 Conceptual Framework............................................................................ 3 Research Objectives ................................................................................ 4 Overview of Dissertation ........................................................................ 4 II. REVIEW OF THE LITERATURE ........................................................ 6 Information Security ............................................................................... 7 Technology Acceptance Research .......................................................... 19 Health Behavior Research ....................................................................... 34 Summary of Literature Review................................................................ 40 III. RESEARCH MODEL DEVELOPMENT .............................................. 42 Core Constructs ....................................................................................... 42 Moderating Constructs ............................................................................ 46 Chapter Summary.................................................................................... 49 IV. RESEARCH METHODS AND PROCEDURES.................................... 50 Population................................................................................................ 50 Survey Development................................................................................ 51 Operationalization of the Constructs....................................................... 51 Pretest....................................................................................................... 57 Data Collection........................................................................................ 60 V. DATA ANALYSIS ................................................................................. 63 Sample Characteristics ............................................................................ 63 viii Missing Data Analysis ............................................................................ 66 Construct Validity and Reliability .......................................................... 78 Hypothesis Testing .................................................................................. 75 VI. CONCLUSION ....................................................................................... 85 Summary of the Study............................................................................. 85 Contributions........................................................................................... 88 Limitations............................................................................................... 90 Future Research....................................................................................... 91 REFERENCES ............................................................................................................... 93 APPENDICES ............................................................................................................. 110 Appendix A – Email Invitation ........................................................... 111 Appendix B – Survey Posted on SurveyShare ........................................113 Appendix C – IRB Letter of Information................................................118 Appendix D – Interaction Analysis of Age * Barriers.......................... 121 Appendix E – Interaction Analysis of Education * Benefits................ 125 Appendix F – Interaction Analysis of Prior Experience * Severity...... 129 Appendix G – Interaction Analysis of Prior Experience * Self-efficacy 133 CURRICULUM VITAE .............................................................................................. 137 ix LIST OF TABLES Table Page 1 Demographic Variables ...................................................................................... 52 2 Security Incident Scenarios ................................................................................. 54 3 Pretest Demographic Data .................................................................................. 59 4 Pretest Reliability Analysis ................................................................................. 59 5 Initial Sample Characteristics.............................................................................. 64 6 Cases with Missing Data...................................................................................... 67 7 Final Sample Characteristics................................................................................ 67 8 Item Descriptive Statistics................................................................................... 69 9 Reliability Analysis.............................................................................................. 71 10 Scale Reliability................................................................................................... 72 11 Factor Loadings................................................................................................... 73 12 Factor Analysis Variance Explained.................................................................... 74 13 Construct Descriptive Statistics........................................................................... 74 14 Regression Model Fit........................................................................................... 76 15 Hierarchical Regression....................................................................................... 76
Description: