Perception of information security

The objective of this study was to investigate people’s perception of information security and to unveil the factors that influence people’s perception of different threats to information security. In the survey study, 602 respondents were asked to evaluate one of 21 common threats to information security with regard to its rank related to each of the 20 threat-related features. An exploratory factor analysis was then conducted, and a six-factor structure was derived, which includes factors of Knowledge, Impact, Severity, Controllability, Possibility and Awareness. Using this factor structure, the characteristics of the five most dangerous threats (hackers, worms, viruses, Trojan horses and backdoor programs) and the five least dangerous threats (spam, piratical software, operation accidents, users’ online behaviour being recorded and deviation in quality of service) were discussed and compared. The relationships between the factors and the perceived overall danger of threats were found and then tested by multiple regression analyses. Significant effects were also found in people’s perception of information security related to computer experience and types of loss