Please use this identifier to cite or link to this item:
Title: Investigation of IS professionals' intention to practise secure development of applications
Authors: Woon, I.M.Y. 
Kankanhalli, A. 
Keywords: Information security
Secure development of applications
Theory of planned behaviour
Theory of reasoned action
Issue Date: 2007
Citation: Woon, I.M.Y., Kankanhalli, A. (2007). Investigation of IS professionals' intention to practise secure development of applications. International Journal of Human Computer Studies 65 (1) : 29-41. ScholarBank@NUS Repository.
Abstract: It is well known that software errors may lead to information security vulnerabilities, the breach of which can have considerable negative impacts for organizations. Studies have found that a large percentage of security defects in e-business applications are due to design-related flaws, which could be detected and corrected during applications development. Traditional methods of managing software application vulnerabilities have often been ad hoc and inadequate. A recent approach that promises to be more effective is to incorporate security requirements as part of the application development cycle. However, there is limited practice of secure development of applications (SDA) and lack of research investigating the phenomenon. Motivated by such concerns, the goal of this research is to investigate the factors that may influence the intention of information systems (IS) professionals to practise SDA, i.e., incorporate security as part of the application development lifecycle. This study develops two models based on the widely used theory of planned behaviour (TPB) and theory of reasoned action (TRA) to explain the phenomenon. Following model operationalization, a field survey of 184 IS professionals was conducted to empirically compare the explanatory power of the TPB-based model versus the TRA-based model. Consistent with TPB and TRA predictions, attitude and subjective norm were found to significantly impact intention to practise SDA for the overall survey sample. Attitude was in turn determined by product usefulness and career usefulness of SDA, while subjective norm was determined by interpersonal influence, but not by external influence. Contrary to TPB predictions, perceived behavioural controls, conceptualized in terms of self-efficacy and facilitating conditions, had no significant effect on intention to practise SDA. Thus, a modified TRA-based model was found to offer the best explanation of behavioural intention to practise SDA. Implications for research and information security practice are suggested. © 2006 Elsevier Ltd. All rights reserved.
Source Title: International Journal of Human Computer Studies
ISSN: 10715819
DOI: 10.1016/j.ijhcs.2006.08.003
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.


checked on Apr 6, 2020


checked on Mar 26, 2020

Page view(s)

checked on Mar 31, 2020

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.