A Survey of Factors Influencing People’s Perception of Information Security

  • Ding-Long Huang
  • Pei-Luen Patrick Rau
  • Gavriel Salvendy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4553)


Information security is a great concern to computer users, which is not only a technical problem, but also related to human factors. The objective of this study is to investigate the factors that can influence people’s perception of different threats to information security. In the survey study, 602 respondents were asked to evaluate one of 21 common threats to information security with regard to its position on each of the 20 threat-related items. An exploratory factor analysis was then conducted, and a six-factor structure modeling people’s perception of different threats to information security was derived. The relations between the factors and the perceived overall danger of threats were also tested by multiple regression analyses.


Perception Information Security Survey Factor Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berinato, S.: The Global State of Information Security 2005. CIO and PricewaterhouseCoopers (2005) (retrieved April 16, 2006), from
  2. 2.
    UNCTAD: Information Economy Report. United Nations Conference on Trade and Development (2005) (retrieved April 17, 2006), from
  3. 3.
    Gonzalez, J.J., Sawicka, A.: A Framework for Human Factors in Information Security. In: ICIS 2002. The 2002 WSEAS International Conference on Information Security (2002)Google Scholar
  4. 4.
    Turner, D., Entwisle, S., Fossi, M., Blackbird, J., Mckinney, D.: Symantec Internet Security Threat Report - Trends for January 06 to June 06 (2006) (retrieved January 17, 2007), from
  5. 5.
    Gorden, L.A., Loeb, M.P., Lucyshyn, W., Richardson, R.: 2006 CSI/FBI Computer Crime and Security Survey. Computer Security Institute (2006) (retrieved January 9, 2007), from
  6. 6.
    Schultz, E.E., Proctor, R.W., Lien, M.C., Salvendy, G.: Usability and security: an appraisal of usability issues in information security methods. Computers and Security 20(7), 620 (2001)CrossRefGoogle Scholar
  7. 7.
    CNNIC: The Statistics Report of The Development of Internet in China. China Internet Network Information Center (2006) (retrieved April 17, 2006), from
  8. 8.
    Hassel, L., Wiedenbeck, S.: Human Factors and Information Security, in College of Information Science and Technology. Drexel University (2004)Google Scholar
  9. 9.
    Salvendy, G.: Handbook of Human Factors and Ergonomics. Wiley-Interscience, Chichester (1997)Google Scholar
  10. 10.
    Cooper, D.: Psychology, risk & safety: understanding how personality & perception can influence risk taking. Professional Safety 48(11), 39–46 (2003)Google Scholar
  11. 11.
    NSTISSC: National Training Standard for Information Systems Security (Infosec) Professionals. National Security Telecommunications and Information Systems Security Committee (1994)Google Scholar
  12. 12.
    Whitman, M.E., Mattford, H.J.: Principles of Information Security. Thomson Learning (2004)Google Scholar
  13. 13.
    Musekura, J.B., Ekh, R.: Information Security Issues - Difference between Perception and Practice in Organizations. In Department of Business, Economics, Statistics and Informatics. Orebro University, Sweden (2004) (retrieved January 6, 2007), from
  14. 14.
    Whitman, M.E.: Enemy at the gate: Threats to information security. Communications of the ACM 46(8), 91–95 (2003)CrossRefGoogle Scholar
  15. 15.
    Starr, C.: Social benefit versus technological risk. Science 165, 1232–1238 (1969)CrossRefGoogle Scholar
  16. 16.
    Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S., Cambs, B.: How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sciences 9, 127–152 (1978)CrossRefGoogle Scholar
  17. 17.
    Slovic, P., Fischhoff, B., Lichtenstein, S.: Facts and Fears - Understanding Risk. In: Schwing, R.C., Albers, W.A. (eds.) Societal Risk Assessment - How Safe is Safe Enough?, pp. 181–218. Plenum, New York (1980)Google Scholar
  18. 18.
    Slovic, P.: Perception of Risk. Science 236, 280–285 (1987)CrossRefGoogle Scholar
  19. 19.
    Siegrist, M., Keller, C., Kiers, H.A.L.: A New Look at the Psychometric Paradigm of Perception of Hazards. Risk Analysis 25(1), 211–222 (2005)CrossRefGoogle Scholar
  20. 20.
    Covello, V.T.: The perception of technological risks: a literature review. Tech. Forecasting Social Change 23, 285–297 (1983)CrossRefGoogle Scholar
  21. 21.
    Covello, V.T.: Risk communication: An emerging area of health communication research. In: Deetz, S.(ed.) Communication Yearbook, 15 edn. (1992)Google Scholar
  22. 22.
    Covello, V.T., Merkhofer, M.W.: Risk Assessment Methods. Plenum Press, New York (1994)Google Scholar
  23. 23.
    Sjoeberg, L., Drottz-Sjoeberg, B.-M.: Knowledge and risk perception among nuclear power plant employees. Risk Analysis 11(4), 607 (1991)CrossRefGoogle Scholar
  24. 24.
    Stainer, A., Stainer, L.: Young people’s risk perception of nuclear power - a European viewpoint. International Journal of Global Energy Issues 7(5-6), 261–270 (1995)Google Scholar
  25. 25.
    Setbon, M., Raude, J., Fischler, C., Flahault, A.: Risk perception of the mad cow disease in France: Determinants and consequences. Risk Analysis 25(4), 813–826 (2005)CrossRefGoogle Scholar
  26. 26.
    Slovic, P., MacGregor, D., Kraus, N.N.: Peception of Risk from Automobile Safety Defects. Accident Analysis and Prevention 19(5), 359–373 (1987)CrossRefGoogle Scholar
  27. 27.
    MacDonald, G.: Risk perception and construction safety. In: Proceedings of the Institution of Civil Engineers: Civil Engineering, vol. 159 (2 SPEC ISS), pp. 51–56 (2006)Google Scholar
  28. 28.
    Jackson, J., Allum, N., Gaskell, G.: Perceptions of Risk in Cyberspace. In: Mansell, R., Collins, B.S. (eds.) Trust and Crime in Information Societies, Edward Elgar, Northampton, MA (2005)Google Scholar
  29. 29.
    Vyskoc, J., Fibikova, L.: IT users’ perception of information security. In: 2nd Working Conference on Security and Control of Information Technology in Security 2001, Comenius Univ., Bratislava, Slovakia (2001)Google Scholar
  30. 30.
    Yenisey, M.M., Ozok, A.A., Salvendy, G.: Perceived security determinants in e-commerce among Turkish university students. Behaviour & Information Technology 24(4), 259–274 (2005)CrossRefGoogle Scholar
  31. 31.
    Nunnally, J.C.: Psychometric Theory. McGraw-Hill, New York, NY (1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ding-Long Huang
    • 1
  • Pei-Luen Patrick Rau
    • 1
  • Gavriel Salvendy
    • 1
  1. 1.Department of Industrial Engineering, Tsinghua University, Beijing 100084China

Personalised recommendations