Exploring end-user smartphone security awareness within a South African context

Jacques Ophoff; Mark Robinson

doi:10.1109/ISSA.2014.6950500

Exploring end-user smartphone security awareness within a South African context

Jacques Ophoff^*, Mark Robinson

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Citations (Scopus)

Abstract

International research has shown that users arecomplacent when it comes to smartphone security behaviour.This is contradictory, as users perceive data stored on the'smart' devices to be private and worth protecting. Traditionallyless attention is paid to human factors compared to technicalsecurity controls (such as firewalls and antivirus), but there is acrucial need to analyse human aspects as technology alone cannotdeliver complete security solutions. Increasing a user's knowledgecan improve compliance with good security practices, but fortrainers and educators to create meaningful security awarenessmaterials they must have a thorough understanding of users'existing behaviours, misconceptions and general attitude towardssmartphone security.

The primary purpose of this research was to assess thelevel of smartphone security awareness displayed by the public,determining whether a general level of security complacencyexists amongst smartphone users. The study was undertaken ina South African context (a multi-cultural developing nation) andincluded demographics as a variable in assessing any differencesin smartphone security awareness between population groups. Amodified version of the instrument developed by [1) was used.

A survey of 619 South African users examined trust ofsmartphone application repositories, users' considerations wheninstalling new applications and their use of protection mechanisms (security controls). The sample proved complacent intheir smartphone security behaviours with users displaying highlevels of trust towards smartphone application repositories, rarelyconsidering privacy and security considerations when installingnew applications and also not adequately protecting themselvesthrough adopting smartphone protection mechanisms (controls).The research did not find any conclusive associations to suggestthat a user's home language impacts their information securitybehaviour or trust. However, an association between IT expertiseand the adoption of smartphone security controls was found.

Original language	English
Title of host publication	2014 Information Security for South Africa
Subtitle of host publication	proceedings of the ISSA 2014 conference
Editors	Hein S Venter, Marianne Loock, Marijke Coetzee, Mariki M Eloff
Publisher	IEEE
Pages	95-101
Number of pages	7
ISBN (Electronic)	9781479933846, 9781479933839
ISBN (Print)	9781479933853
DOIs	https://doi.org/10.1109/ISSA.2014.6950500
Publication status	Published - 14 Nov 2014
Externally published	Yes
Event	13th Annual Conference on Information Security for South Africa - Radisson Blu Gautrain Hotel, Johannesburg, South Africa Duration: 13 Aug 2014 → 14 Aug 2014 Conference number: 13th http://web.archive.org/web/20140516184828/http://infosecsa.co.za/

Publication series

Name
Publisher	IEEE
ISSN (Print)	2330-9881

Conference

Conference	13th Annual Conference on Information Security for South Africa
Abbreviated title	ISSA 2014
Country/Territory	South Africa
City	Johannesburg
Period	13/08/14 → 14/08/14
Internet address	http://web.archive.org/web/20140516184828/http://infosecsa.co.za/

Access to Document

10.1109/ISSA.2014.6950500

Jacques Ophoff
- j.ophoff@abertay.ac.uk
- SDI - Cyber Security - Senior Lecturer
Person: Academic

Cite this

@inproceedings{be1927e203904e15859dedc155369c74,

title = "Exploring end-user smartphone security awareness within a South African context",

abstract = " International research has shown that users arecomplacent when it comes to smartphone security behaviour.This is contradictory, as users perceive data stored on the'smart' devices to be private and worth protecting. Traditionallyless attention is paid to human factors compared to technicalsecurity controls (such as firewalls and antivirus), but there is acrucial need to analyse human aspects as technology alone cannotdeliver complete security solutions. Increasing a user's knowledgecan improve compliance with good security practices, but fortrainers and educators to create meaningful security awarenessmaterials they must have a thorough understanding of users'existing behaviours, misconceptions and general attitude towardssmartphone security. The primary purpose of this research was to assess thelevel of smartphone security awareness displayed by the public,determining whether a general level of security complacencyexists amongst smartphone users. The study was undertaken ina South African context (a multi-cultural developing nation) andincluded demographics as a variable in assessing any differencesin smartphone security awareness between population groups. Amodified version of the instrument developed by [1) was used. A survey of 619 South African users examined trust ofsmartphone application repositories, users' considerations wheninstalling new applications and their use of protection mechanisms (security controls). The sample proved complacent intheir smartphone security behaviours with users displaying highlevels of trust towards smartphone application repositories, rarelyconsidering privacy and security considerations when installingnew applications and also not adequately protecting themselvesthrough adopting smartphone protection mechanisms (controls).The research did not find any conclusive associations to suggestthat a user's home language impacts their information securitybehaviour or trust. However, an association between IT expertiseand the adoption of smartphone security controls was found.",

author = "Jacques Ophoff and Mark Robinson",

year = "2014",

month = nov,

day = "14",

doi = "10.1109/ISSA.2014.6950500",

language = "English",

isbn = "9781479933853",

publisher = "IEEE ",

pages = "95--101",

editor = "Venter, {Hein S} and Marianne Loock and Marijke Coetzee and Eloff, {Mariki M}",

booktitle = "2014 Information Security for South Africa",

note = "13th Annual Conference on Information Security for South Africa, ISSA 2014 ; Conference date: 13-08-2014 Through 14-08-2014",

url = "http://web.archive.org/web/20140516184828/http://infosecsa.co.za/",

}

Ophoff, J & Robinson, M 2014, Exploring end-user smartphone security awareness within a South African context. in HS Venter, M Loock, M Coetzee & MM Eloff (eds), 2014 Information Security for South Africa: proceedings of the ISSA 2014 conference., 6950500, IEEE , pp. 95-101, 13th Annual Conference on Information Security for South Africa, Johannesburg, South Africa, 13/08/14. https://doi.org/10.1109/ISSA.2014.6950500

Exploring end-user smartphone security awareness within a South African context. / Ophoff, Jacques; Robinson, Mark.

2014 Information Security for South Africa: proceedings of the ISSA 2014 conference. ed. / Hein S Venter; Marianne Loock; Marijke Coetzee; Mariki M Eloff. IEEE , 2014. p. 95-101 6950500.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Exploring end-user smartphone security awareness within a South African context

AU - Ophoff, Jacques

AU - Robinson, Mark

N1 - Conference code: 13th

PY - 2014/11/14

Y1 - 2014/11/14

N2 - International research has shown that users arecomplacent when it comes to smartphone security behaviour.This is contradictory, as users perceive data stored on the'smart' devices to be private and worth protecting. Traditionallyless attention is paid to human factors compared to technicalsecurity controls (such as firewalls and antivirus), but there is acrucial need to analyse human aspects as technology alone cannotdeliver complete security solutions. Increasing a user's knowledgecan improve compliance with good security practices, but fortrainers and educators to create meaningful security awarenessmaterials they must have a thorough understanding of users'existing behaviours, misconceptions and general attitude towardssmartphone security. The primary purpose of this research was to assess thelevel of smartphone security awareness displayed by the public,determining whether a general level of security complacencyexists amongst smartphone users. The study was undertaken ina South African context (a multi-cultural developing nation) andincluded demographics as a variable in assessing any differencesin smartphone security awareness between population groups. Amodified version of the instrument developed by [1) was used. A survey of 619 South African users examined trust ofsmartphone application repositories, users' considerations wheninstalling new applications and their use of protection mechanisms (security controls). The sample proved complacent intheir smartphone security behaviours with users displaying highlevels of trust towards smartphone application repositories, rarelyconsidering privacy and security considerations when installingnew applications and also not adequately protecting themselvesthrough adopting smartphone protection mechanisms (controls).The research did not find any conclusive associations to suggestthat a user's home language impacts their information securitybehaviour or trust. However, an association between IT expertiseand the adoption of smartphone security controls was found.

AB - International research has shown that users arecomplacent when it comes to smartphone security behaviour.This is contradictory, as users perceive data stored on the'smart' devices to be private and worth protecting. Traditionallyless attention is paid to human factors compared to technicalsecurity controls (such as firewalls and antivirus), but there is acrucial need to analyse human aspects as technology alone cannotdeliver complete security solutions. Increasing a user's knowledgecan improve compliance with good security practices, but fortrainers and educators to create meaningful security awarenessmaterials they must have a thorough understanding of users'existing behaviours, misconceptions and general attitude towardssmartphone security. The primary purpose of this research was to assess thelevel of smartphone security awareness displayed by the public,determining whether a general level of security complacencyexists amongst smartphone users. The study was undertaken ina South African context (a multi-cultural developing nation) andincluded demographics as a variable in assessing any differencesin smartphone security awareness between population groups. Amodified version of the instrument developed by [1) was used. A survey of 619 South African users examined trust ofsmartphone application repositories, users' considerations wheninstalling new applications and their use of protection mechanisms (security controls). The sample proved complacent intheir smartphone security behaviours with users displaying highlevels of trust towards smartphone application repositories, rarelyconsidering privacy and security considerations when installingnew applications and also not adequately protecting themselvesthrough adopting smartphone protection mechanisms (controls).The research did not find any conclusive associations to suggestthat a user's home language impacts their information securitybehaviour or trust. However, an association between IT expertiseand the adoption of smartphone security controls was found.

U2 - 10.1109/ISSA.2014.6950500

DO - 10.1109/ISSA.2014.6950500

M3 - Conference contribution

AN - SCOPUS:84913622314

SN - 9781479933853

SP - 95

EP - 101

BT - 2014 Information Security for South Africa

A2 - Venter, Hein S

A2 - Loock, Marianne

A2 - Coetzee, Marijke

A2 - Eloff, Mariki M

PB - IEEE

T2 - 13th Annual Conference on Information Security for South Africa

Y2 - 13 August 2014 through 14 August 2014

ER -

Exploring end-user smartphone security awareness within a South African context

Abstract

Publication series

Conference

Access to Document

Fingerprint

Profiles

Jacques Ophoff

Cite this