Examining the End-user Perspective of Personal Computer Security: A Qualitative Q Methodology Study

摘要

The Personal Computer is one of the most versatile inventions of the modern world. From its introduction in the 1980s, businesses have used these devices to perform everything from routine administrative tasks to complex engineering activities. Without proper attention to the security, companies put their ongoing operations and data at risk of theft, alteration, or destruction. Employees using personal computing systems are the primary gatekeepers of intellectual property and at the same time are the source of most data breaches. The purpose of this study was to analyze attitudes and behavioral patterns of end-users who repeatedly fall victim to simulated phishing attacks. Using a Q-Methodology approach, participants rated their level of agreement or disagreement of statements collected from research about end-user attitude and training towards computer security. Analysis of participant responses yielded three factors that demonstrated a pattern of behavior and opinion and categorized participants into three groups; gatekeepers, oblivions, and conformists. Analysis of the three group's alignment with the studies research questions reveals that although all groups are well trained in computer security procedure and policy, two of the groups demonstrate deficiency in recognizing cyber risk and understanding how to protect against the threat. For companies to be secure, the end-user must view themselves as the primary gatekeeper to protect intellectual property. Technology can be circumvented, passwords can be compromised, and systems can be penetrated. The most effective method therefore to combat cyber threat is to create a culture of vigilance that every end-user understands, accepts, and embraces as their primary responsibility.