library.gito.de


WI2020
2020

Differences in IT Security Behavior and Knowledge of Private Users in Germany

Franziska Herbert, Gina Maria Schmidbauer-Wolf, and Christian Reuter

Technische Universität Darmstadt, Science and Technology for Peace and Security (PEASEC), Darmstadt, Germany


✉ Kontakt zum Autor

https://doi.org/10.30844/wi_2020_v3-herbert

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) offers advice and recommendations for private users on how to behave securely. Based on these recommendations we investigate the IT security knowledge and behavior of private users with a representative study of the German population (N = 1.219). Additionally, we analyze the role of socio-demographic factors (gender, age, education, political orientation) for security knowledge and behavior. Results show that German private users have only moderate IT security knowledge and behavior, with aspects as gender, age, education and political orientation partly having an influence. Men, higher educated and politically moderately oriented participants show higher security knowledge, whereas young people and those less knowledgeable about security behave less security-conscious. Additionally, security knowledge and behavior correlate moderately. Therefore, to increase private users’ IT security we suggest to increase education and training especially for users being young, politically right-wing or female.

Keywords: IT security, security knowledge, online behavior, security behavior


1. ARD/ZDF - Onlinestudie 2018 | ARD/ZDF-Medienkommission, http://www.ard-zdfonlinestudie. de/ardzdf-onlinestudie-2018/.
2. Knirsch, R.: Telekom legt aktuelle Zahlen zur Cybersicherheit vor | Deutsche Telekom, https://www.telekom.com/de/medien/medieninformationen/detail/telekom-legt-aktuellezahlen- zur-cybersicherheit-vor-573046, last accessed 2019/07/29.
3. Bundeskriminalamt: Cybercrime Bundeslagebild 2017. , Wiesbaden (2018).
4. Bundeamt für Sicherheit in der Informationstechnik: Surfen, aber sicher! Basisschutz leicht gemact. , Bonn (2016).
5. Bundesamt für Sicherheit in der Informationstechnik (BSI): Die Lage der IT-Sicherheit Deutschland 2018. , Bonn (2018).
6. Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science (80-. ). 347, 509–514 (2015). https://doi.org/10.1126/science.aaa1465.
7. Jensen, C., Potts, C., Jensen, C.: Privacy practices of Internet users: Self-reports versus observed behavior. Int. J. Hum. Comput. Stud. 63, 203–227 (2005).
8. Norberg, P.A., Horne, D.R.: The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. J. Consum. Aff. 41, 100–126 (2007).
9. Anwar, M., He, W., Ash, I., Yuan, X., Li, L., Xu, L.: Gender difference and employees’ cybersecurity behaviors. Comput. Human Behav. 69, 437–443 (2017).
10. Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A.: Correlating human traits and cyber security behavior intentions. Comput. Secur. 73, 345–358 (2018).
11. McGill, T., Thompson, N.: Gender Differences in Information Security Perceptions and Behaviour. In: 29th Australasian Conference on Information Systems. pp. 1–11. , Sydney (2018).
12. Buck, C., Kessler, T., Eymann, T.: Nutzerverhalten als Teil der IT-Security – ein ISLiteraturüberblick. Proc. der 12. Int. Tagung Wirtschaftsinformatik. 1115–1130 (2015).
13. Li, Y., Siponen, M.: A call for research on home users’ information security behaviour. PACIS 2011 - 15th Pacific Asia Conf. Inf. Syst. Qual. Res. Pacific. (2011).
14. Reuter, C.: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement. Springer Vieweg (Lehrbuch/Fachbuch), Wiesbaden (2018).
15. Schmitt, H., Peter, N., Lo Iacono, L., Gorski, P.L.: Usable Security and Privacy by Design. Software und Support Media GmbH (2017).
16. Beuchelt, G.: Schwache Passwörter Nutzer spielen weiterhin Vogel Strauß. Wirtschaftsinformatik Manag. 10, 18–21 (2018).
17. Caputo, D.D., Pfleeger, S.L., Sasse, M.A., Ammann, P., Offutt, J., Deng, L.: Barriers to Usable Security? Three Organizational Case Studies. IEEE Secur. Priv. 14, 22–32 (2016).
18. Furnell, S.M., Bryant, P., Phippen, A.D.: Assessing the security perceptions of personal Internet users. Comput. Secur. 26, 410–417 (2007).
19. Broos, A.: Gender and information and communication technologies (ICT) anxiety: Male self-assurance and female hesitation. Cyberpsychology Behav. 8, 21–31 (2005).
20. Darwish, A., Zarka, A. El, Aloul, F.: Towards Understanding Phishing Victims’ Profile. In: 2012 International Conference on Computer Systems and Industrial Informatics. pp. 1–5. IEEE, Sharjah, United Arab Emirates (2012).
21. He, J., Freeman, L. a.: Are Men More Technology-Oriented Than Women ? The Role of Gender on the Development of General Computer Self-Efficacy of College Students. J. Inf. Syst. Educ. 21, 203–213 (2010).
22. Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F., Downs, J.: Who falls for phish? A Demographic Analysis of Phishing Susceptibility and Effectiveness of Interventions. In: Proceedings of the 28th international conference on Human factors in computing systems - CHI ’10. pp. 373–382. ACM Press, Atlanta, Georgia, USA (2010).
23. Hoy, M.G., Milne, G.: Gender Differences in Privacy-Related Measures for Young Adult Facebook Users. J. Interact. Advert. 10, 28–45 (2010).
24. Mohamed, N., Ahmad, I.H.: Information privacy concerns, antecedents and privacy measure use in social networking sites: Evidence from Malaysia. Comput. Human Behav. 28, 2366–2375 (2012).
25. Parrish Jr., J.L., Bailey, J.L., Courtney, J.F.: A personality based model for determining susceptibility to phishing attacks. In: Southwest Decision Sciences Institute. pp. 285–296. , Oklahoma City, OK (2009).
26. Whitty, M., Doodson, J., Creese, S., Hodges, D.: Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords. Cyberpsychology, Behav. Soc. Netw. 18, 3–7 (2015).
27. Schmidbauer-Wolf, G.M., Herbert, F., Reuter, C.: Ein Kampf gegen Windmühlen: qualitative Studie über Informatikabsolvent_innen und ihre Datenprivatheit. Mensch und Comput. 2019 - Work. (2019).
28. Krasnova, H., Veltri, N.F.: Privacy calculus on social networking sites: Explorative evidence from Germany and USA. Proc. Annu. Hawaii Int. Conf. Syst. Sci. 1–10 (2010).
29. Destatis: Bildungsstand: Allgemeine Schulausbildung, https://www.destatis.de/DE/Themen/Gesellschaft-Umwelt/Bildung-Forschung- Kultur/Bildungsstand/Tabellen/bildungsabschluss-privathaush-allgemeine-schulausbildunginsgesamt. html.
30. Statista: Bevölkerung Deutschlands nach Altersgruppen 2015. Statista, Hamburg, Germany (2016).
31. Statistisches Bundesamt, Wissenschaftszentrum Berlin für Sozialforschung WZB: Datenreport 2016: Ein Sozialbericht für die Bundesrepublik Deutschland. [Data Report 2016: A Social Report for the Federal Republic of Germany]. Statistisches Bundesamt, Bonn, Germany (2016).
32. Bundesamt für Sicherheit in der Informationstechnik: BSI für Bürger - Virtual Private Networks (VPN), https://www.bsi-fuerbuerger. de/BSIFB/DE/Empfehlungen/VPN/VPN_Virtual_Private_Network_node.html.
33. Rohrmann, B.: Emprische Studien zur Entwicklung von Antwortskalen für die sozialwissenschaftliche Forschung. Zeitschrift für Sozialpsychologie. 9, 222–245 (1978).
34. Tobergte, D.R., Curtis, S.: Testtheorie und Fragebogenkonstruktion. Springer Berlin Heidelberg, Berlin, Heidelberg (2012).
35. Leonhart, R.: Psychologische Methodenlehre Statistik. Ernst Reinhardt, GmbH & Co KG, Verlag, München (2008).
36. Victor, A., Elsäßer, A., Hommel, G., Blettner, M.: Judging a Plethora of p-Values. Dtsch. Aerzteblatt Online. 107, 50–56 (2010).
37. Tobergte, D.R., Curtis, S.: Testtheorie und Fragebogenkonstruktion. Springer Berlin Heidelberg, Berlin, Heidelberg (2012).
38. Reuter, C., Häusser, K., Bien, M., Herbert, F.: Between Effort and Security: User Assessment of the Adequacy of Security Mechanisms for App Categories, Mensch und Computer 2019. Hamburg, Germany: ACM, pp. 287–297. (2019)

 

Beitrag herunterladen