Journal of Information Technology Applications and Management

Korea Data Strategy Society (한국데이터전략학회)
권호 표지
DOI QR코드

DOI QR Code

The Effect of Security Awareness Training on the Use of Biometric Authentication: Focusing on the Protection Motivational Behaviors

  • Jung, Seungmin (Department of Store Management, So ngeui Women's College) ;
  • Park, Joo Yeon (Discipline of Information Technology, Mathematics and Statistics, College of Science, Health, Engineering and Education, Murdoch University)
  • Received : 2019.11.29
  • Accepted : 2020.03.15
  • Published : 2020.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

Keywords

References

  1. Abawajy, J., "User preference of cybersecurity awareness deliverymethods", Behavior &Information Technology, Vol. 33, No. 3, 2014, pp. 237-248. https://doi.org/10.1080/0144929X.2012.708787
  2. Albrechtse, E. and J. Hovden, "Improving information security awareness and behavior through dialogue, participation and collective reflection", An Intervention Study, Computers and Security, Vol. 29, No. 4, 2010, pp. 432-445. https://doi.org/10.1016/j.cose.2009.12.005
  3. An, J. S., "Biometric authentication for banknotes ...Will it settled as a newtrend?". Available at http://www.segye.com/news-View/20160202004025 (Downloaded 03 Feb. 2016).
  4. Anderson, C. L. and R. Agarwal, "Practicing Safe Computing: AMultimedia Empirical Examination of Home Computer User Security Behavioral Intentions", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 613-643. https://doi.org/10.2307/25750694
  5. Bhattacherjee, A., "Understanding Information Systems Continuance: An Expectation-Confirmation Model", MIS Quarterly, Vol. 25, 2001, pp. 351-371. https://doi.org/10.2307/3250921
  6. Bulgurcu, B., H. Cavusoglu, and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information security Awareness", MIS Quarterly, Vol. 34, No. 3. 2010, pp. 523-548. https://doi.org/10.2307/25750690
  7. Chae, S. I., Social Science Investigation Methodology, Hakhyeonsa, Seoul, Korea. 2001.
  8. Chang, H. S. and D. H. Jung, "A study on the Relationship between Cyberloafing Characteristic and Cognitive Dissonance", Journal of The Korea Society of Computer and Information, Vol. 20, No. 9, 2015, pp. 73-80. https://doi.org/10.9708/jksci.2015.20.9.073
  9. Chang, M. H. and D. Y. Kang, "Factors Affecting the Information Security Awareness and Perceived Information Security Risk of Employees of Port Companies", Journal of Navigation and Port Research, Vol. 36, No. 3, 2012, pp. 261-271. https://doi.org/10.5394/KINPR.2012.36.3.261
  10. Chen, X., L. Chen, and D. Wu, "Factors That Influence Employees' Security Policy Compliance: An Awareness-Motivation- Capability Perspective", Journal of Computer Information Systems, Vol. 58, No. 4, 2018, pp. 312-324 https://doi.org/10.1080/08874417.2016.1258679
  11. Coventry, L., A. De Angeli, and G. Johnson, "Usability and Biometric Verification at the ATM Interface", SIGCHI Conference on Human Factors in Computing Systems, 2003, pp. 153-160.
  12. Das, T. K. and B. Teng, "Between Trust and Control: Developing Confidence in Partner Cooperation in Alliance", Academy of Management Review, Vol. 23, No. 3, 1998, pp. 491-512. https://doi.org/10.5465/amr.1998.926623
  13. Davis, D., "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology", MIS Quarterly, Vol. 13, No. 3, 1989, pp. 319-340. https://doi.org/10.2307/249008
  14. Dinev, T. and P. Hart, "Internet Privacy Concern and their Antecedents-Measurement Validity and a Regression Model", Behavior and Information Technology, Vol. 23, No. 6, 2004, pp. 413-422. https://doi.org/10.1080/01449290410001715723
  15. Eminagaoglu, M., E. Ucar, and S. Eren, "The positive outcomes of information security awareness training in companies: A case study", Information Security Technical Report, Vol. 4, 2010, pp. 1-7. https://doi.org/10.1016/S1363-4127(99)80081-8
  16. Flavian, C. and M. Guinaliu, "Consumer Trust, Perceived Security and Privacy Policy: Three Basic Elements of Loyalty to a Web Site", Industrial Management and Data Systems, Vol. 106, No. 4, 2006, pp. 601-620. https://doi.org/10.1108/02635570610666403
  17. Fornell, C. and D. F. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error", Journal of Marketing Research, Vol. 18, No. 1, 1981, pp. 39-50. https://doi.org/10.1177/002224378101800104
  18. Furnell, S. and I. Vasileiou, "Security education and awareness: Just let themburn?", Network Security, Dec. 2017, pp. 5-9.
  19. Heo, J. and S. J. Ahn, "Effects of Biased Awareness of Security Policies on Security Compliance Behavior", The Journal of Korean Association of Computer Education, Vol. 23, No. 1, 2020, pp. 63-75. https://doi.org/10.32431/kace.2020.23.1.006
  20. Ifinedo, P., "Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory", Computers and Security, Vol. 31, No. 1, 2012, pp. 83-95. https://doi.org/10.1016/j.cose.2011.10.007
  21. James, T., T. Pirim, K., Boswell, B. Reithel, and R. Barkhi, "Determining the Intention to Use Biometric Devices: An Application and Extension of the Technology Acceptance Model", Journal of Organizational and End User Computing, Vol. 18, No. 3, 2006, pp. 1-24. https://doi.org/10.4018/joeuc.2006070101
  22. Jarvenpaa, S. L. and P. Todd, "Consumer Reactions to Electronic Shopping on the World Wide Web", International Journal of Electronic Commerce, Vol. 1, No. 2, 1996, pp. 59-88. https://doi.org/10.1080/10864415.1996.11518283
  23. Jemal, A., "User preference of cyber security awareness delivery methods", Behaviour & Information Technology, Vol. 33, No. 3, 2014, pp. 237-248. https://doi.org/10.1080/0144929X.2012.708787
  24. Jin, S. H., D. G. Lee, and S. J. Lee. "The Influence of Technostress and Antismart on Smartphones", Journal of Digital Convergence, Vol. 10, No. 10, 2012, pp. 187-195. https://doi.org/10.14400/JDPM.2012.10.10.187
  25. Johnston, A. C. and M. Warkentin, "Fear Appeals and Information Security Behaviors: An Empirical Study", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 549-566. https://doi.org/10.2307/25750691
  26. Kang, D. Y. andM. H. Chang, "An Analysis of Compliance with Information Security Policy Effects on Information Security Ability and Behavior: Focused on Workers of Shipping and Port Organization", Journal of Korea Port Economic Association, Vol. 30, No. 1, 2014, pp. 97-118.
  27. Kim, B. R., J.W. Lee, and B. S. Kim, "Effect of Information Security Training and Services on Employees' Compliance to Security Policies", Informatization Policy, Vol. 25, No. 1, 2018, pp. 99-114. https://doi.org/10.22693/NIAIP.2018.25.1.099
  28. Kim, J. K. and D. Y. Kang, "A Study on the Factors Affecting the Information Systems Security Effectiveness of Password", Asia Pacific Journal of Information System, Vol. 18, No. 4, 2008, pp. 1-26. https://doi.org/10.1111/j.1365-2575.2007.00287.x
  29. Kim, J. K. and J. H. Kim, "An Empirical Study on Security Behavioral Intention of Individual Users: Comparison between Personal Computers and Smartphones", The Journal of Internet Electronic Commerce Research, Vol. 14, No. 6, 2014, pp. 45-69.
  30. Kim, J. K., J. Y. Kim, and Q. Li, "A Study on Factors Affecting Smartphone User's Security Behavior Intention", The Journal of Internet Electronic Commerce Research, Vol. 16, No. 6, 2016, pp. 115-136.
  31. Kim, J. S. and B. Bernhard, "Factors influencing hotel customers' intention to use a fingerprint system", Journal of Hospitality and Tourism Technology, Vol. 5, No. 2, 2014, pp. 98-125. https://doi.org/10.1108/JHTT-11-2013-0031
  32. Kim, S. H. and Y. M. Song, "An Empirical Study onMotivational Factors Influencing Information Security Policy Compliance and Security Behavior of End-Users (Employees) in Organizations", The e-Business Studies, Vol. 12, No. 3, 2011, pp. 327-349. https://doi.org/10.15719/geba.12.3.201109.327
  33. Korea Consumer Agency, Mobile Payment Service Status Survey, 2016.
  34. Lee, B. Y. andM. Y. Kim, "Factors affecting the Continuance Usage Intention of Biometric Technology: Comparing Dark Scenario with Bright Scenario", The Journal of Society for e-Business Studies, Vol. 16, No. 3, 2011, pp. 1-22. https://doi.org/10.7838/jsebs.2011.16.3.001
  35. Lee, C. S. and Y. H. Kim, "An Analysis of Relationship between Industry Security Education and Capability: Case Centric on Insider Leakage", The Journal of Society for e-Business Studies, Vol. 20, No. 2, 2015, pp. 27-36. https://doi.org/10.7838/jsebs.2015.20.2.027
  36. Lee, K. E., J. Y. Kim, J. S. Hyun, and C. J. Park, "The Effects of Information Security Vaccine User's Construal Level and Message Type on the Information Security Behavior", The Journal of Korean Association of Computer Education, Vol. 18, No. 6, 2015, pp. 33-42. https://doi.org/10.32431/KACE.2015.18.6.004
  37. Lee, S. K. and M. S. Chae, "An Study on the Factors that Motivate The Compliance of the Organizational Security Policy", Korean Journal of Business Administration, Vol. 27, No. 6, 2014, pp. 927-953.
  38. Lee, Y. and K. R. Larsen, "Threat or coping appraisal: determinants of SMB executives' decision to adopt antimalware software", European Journal of Information Systems, Vol. 18, No. 2, 2009, pp. 177-187. https://doi.org/10.1057/ejis.2009.11
  39. Liang, H. and Y. Xue, "Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective", Journal of the Association for Information Systems, Vol. 11, No. 7, 2009, pp. 394-413. https://doi.org/10.17705/1jais.00232
  40. Limayem, M., M. Khalifa, andW. W. Chin, "Factors Motivating Software Privacy: A Longitudinal Study", IEEE Transactions on Engineering Management, Vol. 51, No. 4, 2004, pp. 414-425. https://doi.org/10.1109/TEM.2004.835087
  41. Lin, C. S., S.Wu, and R. J. Tsai, "Integrating Perceived Playfulness into Expectation-ConfirmationModel for Web Portal", Information and Management, Vol. 43, No. 5, 2005, pp. 683-693.
  42. Moody, J., "Public Perceptions of Biometric Devices: The Effect of Misinformation on Acceptance and Use", Journal of Issues in Informing Science and Information Technology, Vol. 1, 2004, pp. 753-761. https://doi.org/10.28945/775
  43. Ngugi, B., A. Kamis, and M. Tremaine, "Intention to Use Biometric Systems", e-Service Journal, Vol. 7, No. 3, 2011, pp. 20-46. https://doi.org/10.2979/eservicej.7.3.20
  44. Park, K. A., D. Y. Lee, and C. M. Koo, "An Empirical Study about Internet and Social Network Security Behavior of End User", Journal of Information Systems, Vol. 21, No. 4, 2012, pp. 1-29. https://doi.org/10.5859/KAIS.2012.21.4.1
  45. Peyravian, M. and N. Zunic, "Methods for Protecting Password Transmission", Computers & Security, Vol. 19, No. 5, 2000, pp. 466-469. https://doi.org/10.1016/S0167-4048(00)05032-X
  46. Ring, P. S. and A. H. Van De Ven, "Developing Processes of Cooperative Inter-organizational Relationships", Academy of Management Review, Vol. 19, 1994, pp. 90-118. https://doi.org/10.5465/amr.1994.9410122009
  47. Roca, J. C., C. M. Chiu, and F. J.Martinez. "Understanding E-learning Continuance Intention: An Extension of the Technology AcceptanceModel", Human-Computer Studies, Vol. 64, No. 8, 2006, pp. 683-696. https://doi.org/10.1016/j.ijhcs.2006.01.003
  48. Rogers, R. W., In Social Psychophysiology: A Sourcebook. Cacioppo, J. T. &Petty, R. E. (Eds.). Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protected Motivation. New York: The Guilford Press, 1983.
  49. Rosa, R. H., A. S. Patrick, and A. Ozok, "Perception and Acceptance of Fingerprint Biometric Technology", Symposium On Usable Privacy Security(SOUPS), 2007.
  50. Rousseau, D. M., S. G. Sitkin, R. S. Butt, and C. Camerer, "Not So Different After All: A Cross-Discipline View of Trust", Academy ofManagement Review, Vol. 23, No. 3, 1998, pp. 393-404.
  51. Shaw, R. S., C. C. Chen, A. Harris, and H. J. Huang, "The impact of information richness on information security awareness training effectiveness", Computers & Education, Vol. 52, 2009, pp. 92-100. https://doi.org/10.1016/j.compedu.2008.06.011
  52. Smith, H., S. Milberg, and S. Berke, "Information Privacy: Measuring Individuals' Concerns about Organizational Practices", MIS Quarterly, Vol. 20, 1996, pp. 167-196. https://doi.org/10.2307/249477
  53. Soh, K. L.,W. P.Wongand, and K. L. Chan, "Adoption of Biometric Technology in Online Applications", International Journal of Business and Management Science, Vol. 3, No. 2, 2010, pp. 121-146.
  54. Tamjidyamcholo, A., M. S. B. Baba, H. Tamjid, and R. Gholipour, "Information security: Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity and shared-language", Computers & Education, Vol. 68, 2013, pp. 223-232. https://doi.org/10.1016/j.compedu.2013.05.010
  55. Vance, A., M. Siponen, and S. Pahnila, "Motivation IS Security Compliance: Insights From Habit and Protection Motivation Theory", Information and Management, Vol. 49, 2012, pp. 190-198. https://doi.org/10.1016/j.im.2012.04.002
  56. Vatanasombut, B. M., A. C. Igbaria, and W. Stylianou, "Information Systems Continuance Intention of Web-based Applications Customers: The Case of Online Banking", Information andManagement, Vol. 45, No. 7, 2008, pp. 419-428.
  57. Vijayasarathy, L. R., "Predicting Consumer Intentions to Use On-line Shopping: The Case for an Augmented Technology Acceptance Model", Information and Management, Vol. 41, No. 6, 2004, pp. 747-762. https://doi.org/10.1016/j.im.2003.08.011
  58. Yim, M. S., "Why Security Awareness Education is not Effective?", Journal of Digital Convergence, Vol. 12, No. 2, 2014, pp. 27-37. https://doi.org/10.14400/JDC.2014.12.2.27
  59. Yu, J. W., Replace your secret number... Is there any problemwith the introduction of biometric authentication in the financial sector?. Available at http://www.enewstoday.co.kr/news/articleView.html?idxno=690695 (Download 03 Feb. 2017).
  60. Yun, J. B., "A Study on the Short Term Curriculumfor Strengthening Information Security Capability in Public Sector", Journal of the Korea Institute of Information Security & Cryptology, Vol. 26, No. 3, 2016, pp. 769-776. https://doi.org/10.13089/JKIISC.2016.26.3.769