Initial validation and empirical development of the construct of computer security self-efficacy (CSSE)

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors have been identified in prior research as contributing to these inappropriate security behaviors, however, not enough is known about the role of social factors in mediating these behaviors. This study developed a new Computer Security Self-Efficacy (CSSE) construct, identified 35 highly reliable items of CSSE in the context of individuals’ use of encrypted e-mail, and identified four significant factors of CSSE. The four factors were named Performance Accomplishments and Technical Support, Goal Commitment and Resource Availability, Experience Level, and Individual Characteristics. We conclude with a discussion on limitations and recommended future research that can result from the findings of this study.