Studying Information Security Behaviour among Students in Tertiary Institutions

Abstract: There is ever increasing growth of information systems and technology in terms pervasiveness and capacity and it has brought opportunity for students to have access to information to aid their studies and personal growth in their profession. It is true that academic institutions prepare students for their professional career but training and awareness on information security is not the priority of academic institutions as they perceive that employers will do that. Thus this study found it important to investigate the underlying factors that drive students to practice safe security behaviour. With this knowledge in mind, the study uses health belief model which has been used extensively in the health domain. A measurement instrument was developed based on health and information security research. Data was collected from 258 students from two public universities in Ghana and was analysed using Structural Equation model (SEM) analysis. Results show that, perceived severity, perceived benefits, cues to action and self-efficacy are determinants of information security behaviour with respect to downloading files from the internet. However when perceived susceptibility is moderated by security experience, it became significant. Self-efficacy was also significant when moderated with security experience. Theoretical and practical implications of the research were discussed.