Cyber hygiene: The concept, its measure, and its initial tests

https://doi.org/10.1016/j.dss.2019.113160Get rights and content

Highlights

  • Research empirically conceptualizes cyber hygiene.

  • Research develop first ever multidimensional measure for cyber hygiene.

  • Research establishes scale validity and demonstrates the value of cyber hygiene.

Abstract

While policy makers to cyber security experts call for improving cyber hygiene, no one really knows what it means. In fact, there exists no scholarly research explicating the concept or its measurement. This research makes an important contribution by conceptualizing cyber hygiene, operationalizing it, empirically identifying its sub-dimensions, and developing an inventory for it. The research achieves this with a mixed-methods approach, where using a combination of experts and a convenience sample of Internet users, it develops the initial items reflecting the construct, empirically refines the items, confirms its dimensions, and validates its fit. The outcome is an 18-item Cyber Hygiene Inventory (CHI) that measures five distinct dimensions of user cyber hygiene. Finally, the research demonstrates why cyber hygiene matters. Using the CHI it shows how cyber hygiene significantly predicts aspects of human cyber interaction that are pivotal to cyber safety including user self-beliefs about technology, how they cognitively process information online, and their online banking behavior.

Section snippets

Defining cyber hygiene

Cyber hygiene draws from the concept of personal hygiene from the public health literature. In a major report examining cyber hygiene practices across various nations, the European Union Agency for Network and Information Security (ENISA) stated that “cyber hygiene should be viewed in the same manner as personal hygiene and, once properly integrated into an organization will be simple daily routines, good behaviors and occasional checkups to make sure the organizations online health is in

Operational definition of cyber hygiene

When it comes to personal hygiene, individuals do not need to understand disease transmission in order to enact it. For instance, people do not need to know how disease transmission occurs in order to know to cover their mouths when sneezing. This is because understanding the specifics of how various diseases are transmitted is far too complex and unnecessary for most users who need to simply be aware of the need to enact the hygiene practice.

Furthermore, from a public health point of view,

Concept mapping

Concept mapping is a mixed-method, statistical approach for measuring and understanding complex, multi-faceted phenomena [13]. The methodology has been applied in business, urban planning, and healthcare research for visualizing the conceptual relationship between different constructs, empirically developing their measures, and studying complex phenomenon [13,14,22,23]. The overall approach borrows from the traditional Likert scale development approach for the development of items lists, but

Overall discussion

The research derived a conceptual definition of cyber hygiene and, using a series of studies, empirically developed the first-ever Cyber Hygiene Inventory (CHI) measuring general Internet user cyber hygiene. The final 18 items, encompassing five dimensions of cyber hygiene, measure users' cognitive associations between different online actions and the extent to which the individual is aware of them.

The research makes the following three major contributions to the science of cyber security.

Arun Vishwanath, Ph.D., MBA, is leading expert on the “people problems” of cyber security. He is an alumnus of the Berkman Klein Center at Harvard University and has held faculty appointments at Indiana University, Bloomington, and the University at Buffalo.Arun has authored close to fifty peer-reviewed research papers on the science of cyber security and has contributed opinion pieces on CNN, The Washington Post, and other media. He has also been quoted in leading outlets such as Wired

References (38)

  • Fazzlnl, K. (2018, July 16). How the Russians Broke Into the Democrats' Email, and How It Could Have Been Avoided....
  • Bodkin, H., Henderson, B., Donnelly, L., Mendick, R., Farmer, B., & Graham, C. (2017, May 13). Government Under...
  • Wyden (2018, July 25). Untitled Letter. United States Senate. Retrieved from...
  • J. Marks

    Obama's cyber legacy: He did (almost) everything right and it still turned out wrong

  • Good Cyber Hygiene. (n.d.), Symantec. Retrieved form...
  • Practice these 10 basic cyber hygiene tips for risk mitigation (2017, May 4), SentinelOne. Retrieved from...
  • M. Souppaya et al.

    Critical cybersecurity hygiene: patching the enterprise

  • European Commission

    #SaferInternet4EU campaign [Brochure]

  • Notice on cyber hygiene: Consultation paper PO14 (2018, September). Monetary Authority of Singapore. Retrieved from...
  • Cited by (45)

    • Measuring cyber secure behavior of elementary and high school students in the Netherlands

      2022, Computers and Education
      Citation Excerpt :

      However, there is no clear definition of this term in academic research (Vishwanath et al., 2020). The present research is based on an adapted version of the definition of Vishwanath et al. (2020, ): Cyber secure behavior concerns “the cyber security practices that online consumers should adopt to protect the safety and integrity of their personal information and their employer's information on their internet-enabled devices from being compromised in a cyber-attack”. Cyber security is a broad concept.

    View all citing articles on Scopus

    Arun Vishwanath, Ph.D., MBA, is leading expert on the “people problems” of cyber security. He is an alumnus of the Berkman Klein Center at Harvard University and has held faculty appointments at Indiana University, Bloomington, and the University at Buffalo.Arun has authored close to fifty peer-reviewed research papers on the science of cyber security and has contributed opinion pieces on CNN, The Washington Post, and other media. He has also been quoted in leading outlets such as Wired Magazine, USA Today, Politico, Scientific American, Chicago Tribune, and others.

    View full text