Computer security and risky computing practices: A rational choice perspective

Kregg Aytes, Terry Connolly

Research output: Chapter in Book/Report/Conference proceedingChapter

8 Scopus citations


Despite rapid technological advances in computer hardware and software, insecure behavior by individual computer users continues to be a significant source of direct cost and productivity loss. Why do individuals, many of whom are aware of the possible grave consequences of low-level insecure behaviors such as failure to backup work and disclosing passwords, continue to engage in unsafe computing practices? In this chapter we propose a conceptual model of this behavior as the outcome of a boundedly rational choice process. We explore this model in a survey of undergraduate students (N = 167) at two large public universities. We asked about the frequency with which they engaged in five commonplace but unsafe computing practices, and probed their decision processes with regard to these practices. Although our respondents saw themselves as knowledgeable, competent users and were broadly aware that serious consequences were quite likely to result, they reported frequent unsafe computing behaviors. We discuss the implications of these findings both for further research on risky computing practices and for training and enforcement policies that will be needed in the organizations that these students will be entering shortly.

Original languageEnglish (US)
Title of host publicationAdvanced Topics in End User Computing
PublisherIGI Global
Number of pages23
ISBN (Print)9781591404743
StatePublished - 2005
Externally publishedYes

ASJC Scopus subject areas

  • Computer Science(all)
  • Social Sciences(all)


Dive into the research topics of 'Computer security and risky computing practices: A rational choice perspective'. Together they form a unique fingerprint.

Cite this