The Influence of Human Behaviors on Information Systems Security Controls

Abstract

The study assessed the influence of human behaviour towards information security controls. In that regard, the user’s awareness, and behaviour towards information security were assessed. The study adopted a case study design and collected data through survey questionnaires from 225 respondents with a response rate of 97.33% (219) from NSSF in Arusha. In this study, the descriptive statistics was used to present the findings from five-point Likert Scale questions while, logistic regression analysis was used to estimate the relationship between human behaviours and information security controls. Generally, the findings revealed positive user awareness of information security controls within NSSF, reflecting a high level of belief in the importance of adhering to security practices. Besides, it was revealed that there is a negative perception on the need for improved verification practices before clicking links and occasional unauthorized software installations. For the significance of respondents' perceptions regarding the impact of human behaviour on information system security highlights an overall positive inclination towards information security behaviours. Lastly, it was revealed that perceived usefulness, attitude and response efficacy revealed significant with positive effect on information security controls while, the effect of self efficacy revealed significant but negative. Additionally, perceived behaviour control, subjective norms and perceived threats were not significant. The study draws recommendations to the NSSF and public sector organisation to invest in information security awareness to all staff and external customers because threats are originated from users of the systems. Also, the users are recommended on actively seeking information about the benefits of information security technologies. Lastly, NSSF is recommended not to disregard the insignificant factors but to take caution on their perceived effects.