1.
Introduction
2.
Methodology
3.
Literature Review
4.
Constructs
5.
Limitations
6.
Addition to the
Body of Knowledge
7.
Conclusion
8.
Appendix
………………………………………..
………………………………………..
………………………………………..
………………………………………..
…………………………………….….
………………………………………..
………………………………………..
………………………………………..
2
2
3
4
5
5
5
6
1

1.
Introduction
Computers and computer networks have become an integral part of our social world. Securing this infrastructure, adopting protective measure and threat avoidance has become necessary as computer system vulnerabilities are increasingly becoming a major issue.
The adoption of personal computers and general access to telecommunications links such as the
Internet have strengthened the necessity for computer security. This submission reviews the work on two papers. We organize the review in 8 sections: Introduction, Methodology,
Literature Review , Constructs used, Limitations, Addition to body of knowledge, Conclusion and
Appendix .
Paper 1 : “The Adoption of Computer Security: An Analysis of Home Personal Computer User
Behavior Using the Health Belief Model” by Chester L. Claar
Paper 2: “An Extended Perspective on Individual Security Behaviors: Protection Motivation
Theory and a Unified Security Practices (USP) Instrument” by Robert Crossler & France
Belanger.
The two papers were examined carefully and various extracts and mind-mappings were done to outline the various concerns of both authors. This paper will draw out the similarities and differences in the approach of the two authors. The two papers have been noticed to have used the same domain, behavioral Practice on Personal Computer usage . Both papers examine behavioral actions toward the use of security practices. While Paper 1 lays emphasis on adoption,
Paper 2 seeks threat avoidance.
2.
Methodology
Robert and Frances reviewed previous security researches made and carried out surveys. They used Protection Motivation Theory (PMT) as foundation. While Chester also carried out surveys, the items on the survey are adapted from other research on information security and also used the
Health Belief Model (HBM) as a foundation. Both researches carried out reliability analysis of data to ensure that the same results can be obtained by independent researchers.
2

3.
Literature Review
Both documents agree that security is a Primary concern as the adoption of computers and computer networks have become ubiquitous. As Chester’s investigation adopts a measure to curb computer system vulnerabilities on personal computers at home, Robert and Frances focus on what protective measures users take to guard their home computers and networks against computer system vulnerabilities.
Interestingly both papers used models which focus on Protection. Chester used the Health Belief
Model (HBM) which was designed to test the protection by individuals against contracting diseases, while Robert and Frances also used Protection Motivation Theory (PMT) which can also be used in the protection against diseases. As PMT focuses on single protection behavior, this current study covers a multiplicity of individual security practices.
In the papers under discussion, these models have been used inversely in computer and network security domain. Chester examined the adoption of computer security software in home computer environment while Robert and Frances concentrated on expanding the understanding of PMT by empirically testing it using a Unified Measure of Security Related Practices (e.g.
Antivirus usage, Anti- Spyware Software Usage, Software Patches etc.)
A combination of online based survey and snowball technique was used in both researches. Both researches have a Positivist outlook as they carried out their findings by Quantitative Survey.
Chester used an online based survey and the target group was individuals involved in the selection, installation and maintenance of software on the home computer.
The scope of survey carried out by Frances and Robert is more varied as it used data collected from online and paper-based versions. The target group being spectators at a soccer tournament, online sampling of professional researchers and the researchers being asked to contact others.
The target group also included subscribers of graduate school listserv. Frances and Robert used a sampling size of 324. 55 on paper and 269 online. A final figure of 279 was used for data analysis While Chester used final figure 171 from one source for analysis.
3

A further highlight of the HBM model is that; the HBM model employed demographic variables
(sex, age, educational level and race), socio-psychological variables (personality, social class and peer pressure) and structural variables as independent variable as against four perceived dependent constructs. These variables turn to influence personal perception.
4.
Constructs
There is a slight variation in the constructs used.
Health Belief Model (HBM)
Constructs
Protection Motivation Theory (PMT)
Constructs
Perceived Severity Perceived Severity
Self-Efficacy(H5)
Perceived Vulnerability (H1)
Self-Efficacy
Perceived Vulnerability
Education and Benefit (H9c) Perceived Cost
Prior Experience and Perceived
Severity(H10b)
Response Efficacy
Prior Experience and perceived selfefficacy(H10c)
Two-way interaction of age and
Barriers(H8d)
Perceived Barriers(H4)
4

5.
Limitation
Chester admitted the study population is not widely distributed and there has been anonymous data collection leading to an inability to track invitations and resulting responses (snowball technique).
Also , Accessibility to survey online limits users without internet or who aren’t comfortable using the online portal.
Frances and Robert admitted the following limitations; leaving password trails was not included in the final USP instrument. Using caution when opening links in emails was also not in the USP measure due to results of the analyses. Future Technology may change practices which currently support the USP instrument.
6.
Addition to body of knowledge
Chester maintained that, perception of fear is a motivation for an individual to adopt computer security software and the constructs in HBM can be used to study computer security.
France and Robert adopted the tool, Unified Security Practice (USP) instrument as means of obtaining a wider view of individual behavior in avoiding IT threats.
7.
Conclusion
The Researchers of both papers were able to Achieve their objective based on their findings.
Chester proved successfully that a model used in the Health industry could also be applied in computer security. Some Constructs identified in Chester’s research were impactful in defining user’s computer security behavior. Robert & Frances extended the usage of PMT model by defining instruments which indicated useful computer health practices and its impact on the PMT model.
5

8.
Appendix
Extracts
Paper 1: The Adoption of Computer Security: An Analysis of Home Personal Computer
User Behaviour Using the Health Belief Model
Area of Research Motivations for implementing Computer Security
Ontology
Methodology
Limitation
Positivist
Web Based Survey – Questionnaire, Quantitative
Model
1.
Studied population not widely distributed.
2.
Anonymous data collection leading to an inability to track invitation and resulting responses (snow-ball technique).
3.
Self-reported usage could lead to self-report bias (monitor actual security task a person performs).
4.
Accessibility to survey online limits users without internet or who aren’t comfortable
Health Belief Model
Target Group
Context
Advantage Disadvantage
Fear belief as a motivating factor to secure personal computers is not present in current IS Research models.
Personal Computer Users responsible for implementing computer security.
Computer Security, Personal computer, Human behavior
6

Conclusion
Further Research
1.
Results demonstrate that certain constructs found in the Health
Belief Model are more effective than others in motivating individuals to utilize.
2.
Certain constructs like perceived vulnerability (fear factor) not present in current IS Research models.
1.
Foundation for developing new models to motivate users protect computer systems.
2.
New research with much larger sampling and diverse target group.
Emphasizes 1.
Behavioral intention of users to use computer security technology.
Paper 2: An Extended Perspective on Individual Security Behaviours: Protection
Motivation Theory and a Unified Security Practices (USP) Instrument
Area of Research Computer Security practices and determinants for their motivation
Ontology
Methodology
Positivist
Unstructured and Structured Interview, Paper-based Survey, Webbased Survey
7

Limitation
Model
Target Group
Context
Conclusion
Further Research
Emphasizes
Identified Threats
1.
Emerging exploitation of security vulnerabilities may render current findings inadequate (Need to be regularly updated).
2.
Anonymous data collection leading to an inability to track invitation and resulting responses (snowball technique).
3.
Self-reported usage could lead to self-report bias (monitor actual security task a person performs).
4.
Study limited to US respondents (A cross cultural study spanning several countries could provide more insight).
Protection Motivation Theory with Unified Security Practices
Students with access to security tools and internet, cross-section of society.
Information Security, Security Practices, Protection Motivation
Theory, Users
1.
Identifying security practices that users perform gives researcher avenue to study aspects of security users take seriously.
2.
Certain constructs like perceived vulnerability (fear factor) not present in current IS Research models.
1.
Research could also focus on security on mobile device.
2.
New research with much larger sampling and diverse target group.
1.
Types of specific computer security practices.
2.
Not only personal computer users but users in an
Organization.
File loss, Identity theft, reduction in computer performance
8