Human Aspects of Information Security: An Empirical Study of Intentional versus Actual Behavior

A significant amount of empirical research has been conducted on the socio-economic (sociological, psychological, economic) aspects of information security such asthe phenomena of individuals who are willing to take security measures, but often do not. There is a growing body of research relating to individual behaviour and decision-making. To promote effective information security measures, this paper refers to research on the psychology of persuasion from the field of social psychology. A survey was conducted into determinants for changing attitudes through persuasive messages, and the results were analysed. A questionnaire was used and the authors built a demonstrative experimental environment, which analysed in detail attitudinal changes in an individuals' behaviour.. As a result, the authors found differences in behaviour regarding the intent to implement measures discovered from the responses to the questionnaire as well as from actual conduct in the demonstrative experiment.