Browsing by Subject "Dark Triad"

Objectives. Even over one third of information security breaches are caused by human actions, which makes knowing the factors behind information security behaviour especially important in today’s world. The objective of this study was to investigate what kind of individual and organisational factors affect the way we act with personal and organisational data. The research model of this study combined the Theory of Reasoned Action (TRA) and personality traits as predictors of information security behaviour. In TRA, the best predictor of an action is the intention to do it, which in turn is affected by the attitude towards the action and subjective norms. Scenario method was used to investigate if TRA predicts actions also in concrete scenarios The included personality theories were Big Five and Dark Triad theories, of which the latter has not yet been studied in information security research. Methods. The data in this study was a sample of the students in the University of Helsinki and the National Defence University (N=408). The participants completed a survey which measured personality traits and the elements of TRA. Personality was assessed with Short Five and Short Dark Triad inventories. In addition, the participants read three scenarios where information security was at risk. After this they rated their probability to act in a similar way (intention) and their evaluation of the presented act (attitude). The scenarios in this study where divided in three groups according to their level of risk and each participant received scenarios only from a same level. The relationship between personality traits and responses in scenario situations was assessed with regression analysis. The measurement model was assessed with path analysis. Results and conclusions. The measurement model fit the data when it was used to predict security attitudes and the harm presented in the scenarios was mild. The TRA structure was therefore found to predict attitudes in concrete situations as well. The relationship between personality traits and scenario responses was different for intentions and attitudes. Higher scores in two Dark Triad traits were linked to higher intentions. Higher extroversion predicted both lower intentions and attitudes. In addition, higher openness was linked to more positive attitudes, and these two connections remained in the measurement model. This study provided more information about the relationship between personality traits and information security behaviour and gave insight on which factors to improve to secure information in organisations.