Information security awareness and behaviour: of trained and untrained home users in Sweden.

Sammanfattning: Today we live in an information society that is constantly growing in terms of the amount of information that are processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers that has addressed this problem argues that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted, using a quantitative method in form of a survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program, IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness raising initiatives, such as education and training, does not necessarily apply more security measures in their home environment, than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness raising initiatives applies security measures, almost to the same extent to those who have. This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour where the found results, does not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour.