Psychological theories and their applicability in resolving issues with unauthorised computer access

Howard, Angela A. M. (2011) Psychological theories and their applicability in resolving issues with unauthorised computer access. [Thesis (PhD/Research)]

[img] Text (Introductory Pages)
Howard_2011_front.pdf

Download (179Kb)
[img] Text (Whole Thesis)
Howard_2011_whole.pdf

Download (2291Kb)

Abstract

Literature has shown that technical solutions are not completely successful in securing information systems from intruders. Previous attempts to develop hacker profiles are still incomplete and time consuming to apply. Prior studies in social engineering and expectancy theory have shown that they can address some of the issues organisations are encountering, especially in employees disclosing sensitive organisational data. Therefore, using these studies in an organisational context may provide clues to how the disclosure of information can be contained. This aspect was posited in the main research question:

How can education affect the process of preventing social engineering to minimise the success of unauthorised intrusion?

While answering the main research question, due to time constraints, this study focussed only on social engineering as the main cause of disclosing organisational data. This aspect was determined using psychological theories and their applicability in resolving issues with unauthorised computer access. Qualitative approach was used as the main data collection technique and two focus groups were employed in collecting data. The University of Southern Queensland was used as the case organisation and suitable samples were drawn for a 2 x 90‐minute focus group sessions. The qualitative data were analysed using two prominent text analysis applications, namely, Leximancer 3.5 and NVivo 8.

This qualitative data analysis identified 5 crucial themes. These themes are security awareness, unauthorised access, social engineering, policies and procedures, and education. It is inferred from the data that changes in the way policies and procedures implemented can have marked improvement in security aspects, especially in containing the leakage of organisational data. Thus, this research can assert that a change in policies and procedures can have an impact on unauthorised access.

New findings of the study include that staff are proactively looking for more secure ways in their processing and creating new procedures as they go, and that there seems to be a disconnect between access to information systems and the organisational data. Future research can expand on the model created for this research and focus on expectancy theory as well as quantitative methodology so that outcomes can be generalised.


Statistics for USQ ePrint 22734
Statistics for this ePrint Item
Item Type: Thesis (PhD/Research)
Item Status: Live Archive
Additional Information: Master of Business Research thesis.
Faculty / Department / School: Historic - Faculty of Business and Law - School of Information Systems
Supervisors: Gururajan, Raj; Hafeez-Baig, Abdul
Date Deposited: 15 Jan 2013 05:57
Last Modified: 01 Aug 2016 02:49
Uncontrolled Keywords: unauthorised computer access; psychological theories; applicability; University of Southern Queensland;
Fields of Research : 08 Information and Computing Sciences > 0899 Other Information and Computing Sciences > 089999 Information and Computing Sciences not elsewhere classified
URI: http://eprints.usq.edu.au/id/eprint/22734

Actions (login required)

View Item Archive Repository Staff Only