Date of Award

May 2020

Degree Type


Degree Name

Doctor of Philosophy (PhD)


School of Information Studies


Joon S. Park

Second Advisor

Young Moon


cyber security, human factors, information security, past performance, security intentions, self-efficacy

Subject Categories

Social and Behavioral Sciences


This study explored potential human factors predictors of home user security intentions through the lens of past performance, perceived self-efficacy, and locus of control. While perceived self-efficacy and locus of control are elements in several organizational and individual security models, past performance has been less frequently studied. The variable, past performance, which has been referred to in other studies as prior experience, knowledge, and information security awareness, is usually a single question self-assessment of familiarity or comfort with technology. This study explores user technical prowess in further depth, using formal technical education, informal technical education, employment in an IT/CS field, and self-reported email and internet security measures as a measurement of technical ability. Security intentions were determined by best practices in hardware security, network security, and IoT device protection.

Studying IoT security in home users is important because there are 26.6 billion devices connected to the Internet already, with 127 devices are being added to the network every second, which creates a very large attack surface if left unsecured. Unlike organizations, with dedicated IT departments, home users must provide their own security within their network. Instead of building security around the user, this research attempts to determine what human factors variables effect intentions to use existing security technologies. Through an online survey, home users provided information on their background, device usage, perceived ability to perform security behaviors, level of control over their environment, current security intentions, and future security intentions.

Hierarchical linear regression, path modeling, and structural equation modeling determined that past performance was consistently the strongest predictor of security intentions for home users. Self-efficacy and locus of control had varying results among the disparate methods. Additionally, exposure to security concepts through the survey had an effect on user security intentions, as measured at the end of the survey.

This research contributed an initial model for the effects of past performance, self-efficacy, and locus of control on security intentions. It provided verification for existing self-efficacy and locus of control measurements, as well as comprehensive, modular security intentions survey questions. Additionally, this study provided insight into the effect of demographics on security intentions.


Open Access