Investigating Students’ Cyber Security Behaviors in Relation to Big Five Personality Traits and Other Various Variables

Year 2019, Volume: 15 Issue: 1, 186 - 215, 15.04.2019

Mehmet Fatih Yiğit Süleyman Sadi Seferoğlu

https://doi.org/10.17860/mersinefd.437610

Cited By: 9

Abstract

The aim of this study is to examine the cyber security behaviors of university
students according to the five factor personality traits and the variables of gender,
grade, department, status of receiving information security training and weekly
internet usage. 420 students from different universities, departments and grades
participated in the study. This study was conducted according to descriptive, correlational
and causal comparative research models. The data were collected using Personal Information
Form developed by the researchers, Personal Cyber Security Provision Scale and Big
Five Personality Traits Scale. Pearson correlation coefficient, independent samples
t-test and one-way analysis of variance (ANOVA) were used to analyze the data. Findings
indicated that students' levels of cyber security behavior were at an acceptable
level. Moreover, while students considered themselves as agreeable, conscientious,
and open to experience, they remained neutral in deciding whether they were extroverted
and neurotic. Furthermore, the students' cyber safety behaviors showed a significant
relationship with all five factor personality dimensions, namely, openness to experience,
conscientiousness, agreeableness, neuroticism and extroversion. Openness to experience
has been identified as the personality trait with strongest relationship with cyber
security behaviors, whereas extroversion has the weakest. In addition, the students
from CEIT and computer programming departments, those in the 3rd and 4th grades,
those who received information security training and those using the internet 6-10
hours weekly were found to be more adequate in terms of cyber security behavior
levels. At the end of the study, in the light of these findings, it was
suggested to emphasize the cyber security trainings and to consider the
personality traits of the students in these trainings.

Keywords

Cyber security, big five personality traits, university students, awareness

Öğrencilerin Siber Güvenlik Davranışlarının Beş Faktör Kişilik Özellikleri ve Çeşitli Diğer Değişkenlere Göre İncelenmesi

Abstract

Bu çalışmanın amacı üniversite öğrencilerinin siber
güvenlik davranışlarının beş faktör kişilik özellikleri ve cinsiyet, sınıf düzeyi,
bölüm, bilişim güvenliği eğitimi alma durumu ve haftalık internet kullanım süresi
değişkenlerine göre incelenmesidir. Çalışmaya farklı üniversite, bölüm ve sınıflardan
420 öğrenci katılmıştır. Verilerin toplanmasında Siber Güvenliği Sağlama Ölçeği,
Beş Faktör Kişilik Özellikleri Ölçeği ve araştırmacılar tarafından geliştirilen
Kişisel Bilgi Formu kullanılmıştır. Çalışma betimsel tarama modeline göre gerçekleştirilmiştir.
Verilerin analizi Pearson korelasyon katsayısı, bağımsız örneklemler t-testi ve
tek yönlü varyans analizi (ANOVA) gibi istatistiksel teknikler kullanılarak yapılmıştır.
Çalışmadan elde edilen bulgular, öğrencilerin siber güvenlik davranış düzeylerinin
kabul edilebilir bir seviyede olduğunu göstermiştir. Ayrıca öğrenciler kendilerini
uyumlu, sorumlu ve deneyime açık kişiler olarak değerlendirirken, dışadönük ve nevrotik
oldukları konusunda kararsız bir görüş bildirmişlerdir. Öğrencilerin siber güvenlik
davranışları deneyime açıklık, sorumluluk, uyumluluk, nevrotiklik ve dışadönüklük
olmak üzere tüm beş faktör kişilik boyutlarıyla anlamlı bir ilişki sergilediğini
göstermiştir. Siber güvenlik davranışlarıyla en güçlü ilişkiye deneyime açıklık,
en zayıf ilişkiye ise dışadönüklük kişilik özelliklerinin sahip olduğu tespit edilmiştir.
Bunlara ek olarak, BÖTE ve bilgisayar programcılığı öğrencilerinin, sınıf düzeyi
açısından 3. ve 4. sınıf öğrencilerinin, bilişim güvenliği eğitimi almış olan öğrencilerin
ve haftalık 6-10 saat arası internet kullanan öğrencilerin siber güvenlik davranış
düzeyleri bakımından daha yeterli oldukları bulunmuştur. Çalışma sonunda, ulaşılan
bulgular ışığında siber güvenlik eğitimlerine ağırlık verilmesi ve öğrencilerin
kişilik özelliklerinin bu eğitimlerde dikkate alınması önerilmiştir.

Keywords

Siber güvenlik, beş faktör kişilik özellikleri, üniversite öğrencileri, farkındalık

References

• Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.
• Abbasi, A., Zhang, Z., Zimbra, D., Chen, H., & Nunamaker Jr, J. F. (2010). Detecting fake websites: the contribution of statistical learning theory. MIS Quarterly, 435-461.
• Akgün, Ö. E., & Topal, M. (2015). Eğitim fakültesi son sınıf öğrencilerinin bilişim güvenliği farkındalıkları: Sakarya Üniversitesi Eğitim Fakültesi Örneği. Sakarya University Journal of Education, 5(2), 98-121.
• Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS quarterly, 34(3), 613-643.
• Anwar, M., He, W., Ash, I., Yuan, X., Li, L., & Xu, L. (2017). Gender difference and employees' cybersecurity behaviors. Computers in Human Behavior, 69, 437-443.
• Ayduk, O., Mendoza-Denton, R., Mischel, W., Downey, G., Peake, P. K., & Rodriguez, M. (2000). Regulating the interpersonal self: strategic self-regulation for coping with rejection sensitivity. Journal of Personality and Social Psychology, 79(5), 776.
• Bilgimi Koruyorum (2018). Bilgimi koruyorum. Erişim adresi: http://www.bilgimikoruyorum.org.tr
• BTK (2018). İnternetin güvenli ve bilinçli kullanımı eğitim programı. Erişim adresi: http://etkinlik.btk.gov.tr/etkinlik/detay/internetin_guvenli_ve_bilincli_kullanimi_egitim_programi
• Buckley, P., & Doyle, E. (2017). Individualising gamification: An investigation of the impact of learning styles and personality traits on the efficacy of gamification using a prediction market. Computers & Education, 106, 43-55.
• Carver, C. S., & Connor-Smith, J. (2010). Personality and coping. Annual Review of Psychology, 61, 679-704.
• Chen, H., Beaudoin, C. E., & Hong, T. (2017). Securing online privacy: An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors. Computers in Human Behavior, 70, 291-302.
• Chong, C. W., Teh, P. L., & Tan, B. C. (2014). Knowledge sharing among Malaysian universities’ students: do personality traits, class room and technological factors matter? Educational Studies, 40(1), 1-25.
• Coopers, P. (2013). Key findings from the Global State of Information Security Survey 2013 Changing the game. Erişim tarihi: https://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/2013-giss-report.pdf
• Costa, P. T., & McCrae, R. R. (1992). Four ways five factors are basic. Personality and Individual Differences, 13(6), 653-665.
• Çakır, S., & Kesler, M. (2012). Bilgisayar güvenliğini tehdit eden virüsler ve antivirüs yazılımları. XIV. Akademik Bilişim Konferansı Bildirileri içinde (s.551-558).
• Çelen, F. K., & Seferoğlu, S. S. (2016). Bilgi ve iletişim teknolojilerinin kullanımı ve etik olmayan davranışlar: sorunlar, araştırmalar ve değerlendirmeler. Journal of Computer and Education Research, 4(8), 124-153.
• Egelman, S., & Peer, E. (2015). Scaling the security wall: Developing a security behavior intentions scale (sebis). Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems içinde (s. 2873-2882).
• Erol, O., Şahin, Y. L., Yılmaz, E., & Haseski, H. İ. (2015). Kişisel siber güvenliği sağlama ölçeği geliştirme çalışması. Journal of Human Sciences, 12(2), 75-91.
• Floros, G., & Siomos, K. (2014). Excessive Internet use and personality traits. Current Behavioral Neuroscience Reports, 1(1), 19-26.
• Fraenkel, J., Wallen, N. & Hyun, H. (2012). How to design and evaluate research in education. 8th edition. Columbus, OH: McGraw-Hill.
• Furnell, S. (2008). End-user security culture: a lesson that will never be learnt? Computer Fraud & Security, 4, 6-9.
• Glass, R., Prichard, J., Lafortune, A., & Schwab, N. (2013). The influence of personality and Facebook use on student academic performance. Issues in Information Systems, 14(2), 119-126.
• Goldberg, L. R. (1990). An alternative" description of personality": the big-five factor structure. Journal of Personality and Social Psychology, 59(6), 1216-1229.Goodrich, M. T., & Tamassia, R. (2011). Introduction to computer security. Pearson.
• Gökmen, Ö. F., & Akgün, Ö. E. (2015). Bilgisayar ve Öğretim Teknolojileri Eğitimi öğretmen adaylarının bilişim güvenliği bilgilerinin çeşitli değişkenlere göre incelenmesi. Çukurova University. Faculty of Education Journal, 44(1), 61.
• Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345-358.Gravetter, F. and Wallnau, L. (2014). Essentials of Statistics for the Behavioral Sciences. 8th Edition. Wadsworth, Belmont, CA.
• Gustavsson, J. P., Jönsson, E. G., Linder, J., & Weinryb, R. M. (2003). The HP5 inventory: definition and assessment of five health-relevant personality traits from a five-factor model perspective. Personality and Individual Differences, 35(1), 69-89.
• Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), 1-18.
• Halevi, T., Lewis, J., & Memon, N. (2013). A pilot study of cyber security and privacy related behavior and personality traits. Proceedings of the 22nd International Conference on World Wide Web içinde (s. 737-744).
• Halevi, T., Memon, N., Lewis, J., Kumaraguru, P., Arora, S., Dagar, N., & Chen, J. (2016). Cultural and psychological factors in cyber-security. Proceedings of the 18th International Conference on Information Integration and Web-based Applications and Services içinde (s. 318-324).
• Hekim, H., & Başıbüyük, O. (2013). Siber suçlar ve Türkiye’nin siber güvenlik politikaları. Uluslararası Güvenlik ve Terörizm Dergisi, 135-158.
• Internet World Stats (2018). Internet and world stats: Usage and population statistics. Erişim adresi: https://www.internetworldstats.com/stats.htm
• ISCTurkey (2018). Uluslararası bilgi güvenliği ve kriptoloji konferansı. Erişim adresi: http://www.iscturkey.org
• John, O. P., & Srivastava, S. (1999). The Big Five trait taxonomy: History, measurement, and theoretical perspectives. Handbook of personality: Theory and research, 2, 102-138.
• John, O. P., & Gross, J. J. (2004). Healthy and unhealthy emotion regulation: Personality processes, individual differences, and life span development. Journal of Personality, 72(6), 1301-1334.
• John, O. P., & Naumann, L. P. (2010). Surviving two critiques by Block? The resilient big five have emerged as the paradigm for personality trait psychology. Psychological Inquiry, 21(1), 44-49.
• Karacı, A., Akyüz, H. İ., & Bilgici, G. (2017). Üniversite öğrencilerinin siber güvenlik davranışlarının incelenmesi. Kastamonu Eğitim Dergisi, 25(6), 2079-2094.
• Karaoğlan Yılmaz, G., Yılmaz, R., & Sezer, B. (2014). Üniversite öğrencilerinin güvenli bilgi ve iletişim teknolojisi kullanım davranışları ve bilgi güvenliği eğitimine genel bir bakış. Bartın Üniversitesi Eğitim Fakültesi Dergisi, 3(1), 176-199.
• Karim, N. S. A., Zamzuri, N. H. A., & Nor, Y. M. (2009). Exploring the relationship between Internet ethics in university students and the big five model of personality. Computers & Education, 53(1), 86-93.
• Kaspersky Labs (2017). Kaspersky security bulletin. Overall statistics for 2017. Erişim adrsesi: https://securelist.com/ksb-overall-statistics-2017/83453
• Kaspersky (2018). Safety 101: Types of known threats. Erişim adresi: https://support.kaspersky.com/viruses/general/614
• Kayış, A. R., Satıcı, S. A., Yılmaz, M. F., Şimşek, D., Ceyhan, E., & Bakioğlu, F. (2016). Big five-personality trait and internet addiction: A meta-analytic review. Computers in Human Behavior, 63, 35-40.
• Keser, H., & Güldüren, C. (2015). Bilgi güvenliği farkındalık ölçeği (BGFÖ) geliştirme çalışması. Kastamonu Eğitim Dergisi, 23(3), 1167-1184.
• Kim, E. J., Namkoong, K., Ku, T., & Kim, S. J. (2008). The relationship between online game addiction and aggression, self-control and narcissistic personality traits. European Psychiatry, 23(3), 212-218.
• Landers, R. N., & Lounsbury, J. W. (2006). An investigation of Big Five and narrow personality traits in relation to Internet usage. Computers in Human Behavior, 22(2), 283-293.
• Leszczyna, R. (2013). Cost assessment of computer security activities. Computer Fraud & Security, 7, 11-16.
• Lounsbury, J. W., & Gibson, L. W. (2009). Personal Style Inventory: A personality measurement system for work and school settings. Knoxville, TN: Resource Associates Inc.
• Lounsbury, J. W., Steel, R. P., Loveland, J. M., & Gibson, L. W. (2004). An investigation of personality traits in relation to adolescent school absenteeism. Journal of Youth and Adolescence, 33(5), 457-466.
• Lynam, D. R., & Miller, J. D. (2015). Psychopathy from a basic trait perspective: The utility of a five‐factor model approach. Journal of Personality, 83(6), 611-626.
• Mamonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat awareness on privacy-protective behaviors. Computers in Human Behavior, 83, 32-44.
• McBride, M., Carter, L., & Warkentin, M. (2012). Exploring the role of individual employee characteristics and personality on employee compliance with cybersecurity policies. Erişim adresi: http://sites.duke.edu/ihss/files/2011/12/CyberSecurityFinalReport-Final_mcbride-2012.pdf
• McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017). Individual differences and information security awareness. Computers in Human Behavior, 69, 151-156.
• McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers. Journal of Personality and Social Psychology, 52(1), 81-90.
• McCrae, R. R., & Costa, P. T. (1997). Personality trait structure as a human universal. American Psychologist, 52(5), 509.
• McCrae, R. R., & John, O. P. (1992). An introduction to the five‐factor model and its applications. Journal of Personality, 60(2), 175-215.
• Mishna, F., Khoury-Kassabri, M., Gadalla, T., & Daciuk, J. (2012). Risk factors for involvement in cyber bullying: Victims, bullies and bully–victims. Children and Youth Services Review, 34(1), 63-70.
• Moore, R. (2014). Cybercrime: Investigating high-technology computer crime. Routledge.
• NICCS (2018). Glossary. Erişim adresi: https://niccs.us-cert.gov/glossary
• Öğütçü, G., Testik, Ö. M., & Chouseinoglou, O. (2016). Analysis of personal information security behavior and awareness. Computers & Security, 56, 83-93.
• Pabian, S., De Backer, C. J., & Vandebosch, H. (2015). Dark Triad personality traits and adolescent cyber-aggression. Personality and Individual Differences, 75, 41-46.
• Pagani, M. (2005). Encyclopedia of multimedia technology and networking. IGI Global.
• Peltier, T. R. (2006). Social engineering: Concepts and solutions. Information Systems Security, 15(5), 13-21.
• Pervin, L. A., & John, O. P. (2013). Personality: Theory and research (12th ed.). Oxford: John Wiley and Sons.
• Pusey, P., & Sadera, W. A. (2011). Cyberethics, cybersafety, and cybersecurity: Preservice teacher knowledge, preparedness, and the need for teacher education to make a difference. Journal of Digital Learning in Teacher Education, 28(2), 82-85.
• Rahim, N. H. A., Hamid, S., Mat Kiah, M. L., Shamshirband, S., & Furnell, S. (2015). A systematic review of approaches to assessing cybersecurity awareness. Kybernetes, 44(4), 606-622.
• Rezgui, Y., & Marks, A. (2008). Information security awareness in higher education: An exploratory study. Computers & Security, 27(7-8), 241-253.
• Roberts, B. W., Luo, J., Briley, D. A., Chow, P. I., Su, R., & Hill, P. L. (2017). A systematic review of personality trait change through intervention. Psychological Bulletin, 143(2), 117.
• Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the ‘weakest link’—a human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122-131.
• Servidio, R. (2014). Exploring the effects of demographic factors, Internet usage and personality traits on Internet addiction in a sample of Italian university students. Computers in Human Behavior, 35, 85-92.
• SGEP (2018). Siber güvenlik eğitim portalı. Erişim adresi: https://egitim.sge.gov.tr
• Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. J. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92-100.
• Shillair, R., Cotten, S. R., Tsai, H. Y. S., Alhabash, S., LaRose, R., & Rifon, N. J. (2015). Online safety begins with you and me: Convincing Internet users to protect themselves. Computers in Human Behavior, 48, 199-207.
• Shropshire, J., Warkentin, M., Johnston, A., & Schmidt, M. (2006). Personality and IT security: An application of the five-factor model. AMCIS 2006 Proceedings içinde (s. 3443-3449).
• Sithira, V., & Nguwi, Y. Y. (2014). A study on the adolescent online security issues. International Journal of Multidisciplinary and Current Research, 2, 596-601.
• Smidt, W. (2015). Big Five personality traits as predictors of the academic success of university and college students in early childhood education. Journal of Education for Teaching, 41(4), 385-403.
• Smrtnik-Vitulić, H., & Zupančič, M. (2011). Personality traits as a predictor of academic achievement in adolescents. Educational Studies, 37(2), 127-140.
• Standage, T. (2002). The weakest link. The Economist, 365, 11-16.
• STATISTA. (2018). E-commerce worldwide - Statistics & facts. Erişim adresi: https://www.statista.com/topics/871/online-shopping
• Subramaniam, S. R. (2017). Cyber security awareness among Malaysian pre-university students. E-Proceeding of the 6th Global Summit on Education, 1-14.
• Sussman, S., McCuller, W. J., & Dent, C. W. (2003). The associations of social self-control, personality disorders, and demographics with drug use among high-risk youth. Addictive Behaviors, 28(6), 1159–1166.
• Sümer, N., Lajunen, T., & Özkan, T. (2005). Big five personality traits as the distal predictors of road accident involvement. In Underwood, G. (Eds.). Traffic and Transport Psychology, (Chapter 18). USA: Elsevier Ltd.
• Svendsen, G. B., Johnsen, J. A. K., Almås-Sørensen, L., & Vittersø, J. (2013). Personality and technology acceptance: The influence of personality factors on the core constructs of the Technology Acceptance Model. Behaviour & Information Technology, 32(4), 323-334.
• Tekerek, M., & Tekerek, A. (2013). A research on students’ information security awareness. Turkish Journal of Education, 2(3), 61-70.
• TCK (2018). Türk Ceza Kanunu. Erişim adresi: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.5237.pdf
• Thompson, N., McGill, T. J., & Wang, X. (2017). “Security begins at home”: Determinants of home computer and mobile device security behavior. Computers & Security, 70, 376-391.
• Tsai, H. Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., & Cotten, S. R. (2016). Understanding online safety behaviors: A protection motivation theory perspective. Computers & Security, 59, 138-150.
• TÜİK (2018). Hane halkı bilişim teknolojileri kullanım araştırması, 2016. Erişim adresi: http://www.tuik.gov.tr/PreHaberBultenleri.do?id=21779
• Uffen, J., Guhr, N., & Breitner, M. (2012). Personality traits and information security management: An empirical study of information security executives. International Conference on Information Systems içinde (s. 549–566).
• Wagner, A. E., & Brooke, C. (2007). Wasting time: The mission impossible with respect to technology-oriented security approaches. Electronic Journal of Business Research Methods, 5(2), 117-124
• Warrington, C. (2017). A study of personality traits to explain employees' information security behavior among generational cohorts (Yayımlanmamış doktora tezi). Capella University, Minneapolis, Amerika Birleşik Devletleri.
• Woszczynski, A. B., Roth, P. L., & Segars, A. H. (2002). Exploring the theoretical foundations of playfulness in computer interactions. Computers in Human Behavior, 18(4), 369-388.
• Yan, Z., Robertson, T., Yan, R., Park, S. Y., Bordoff, S., Chen, Q., & Sprissler, E. (2018). Finding the weakest links in the weakest link: How well do undergraduate students make cybersecurity judgment? Computers in Human Behavior, 84, 375-382.
• Yenilmez, K. (2008). Open primary education school students’ opinions about mathematics television programmes. Turkish Online Journal of Distance Education, 9(4), 176-189.
• Zhao, H., & Seibert, S. E. (2006). The Big Five personality dimensions and entrepreneurial status: A meta-analytical review. Journal of Applied Psychology, 91(2), 259-271.