•  
  •  
 

Abstract

Cybersecurity is a worldwide issue and concern. Prior studies indicate that many people do not use cybersecurity best practices. Although these prior studies used large-scale surveys or interviews, this study used Q methodology [Q] because Q provides greater insight than Likert-format surveys. In fact, Q was created to scientifically study subjectivity. Within a Q study, various stages as well as philosophical, epistemological, and ontological principles represent a complete methodology. At first, Q researchers collect items that represent the broad range of communications about the topic (called the concourse). Although the items can be pictures, scents, or other means of communication, statements are the most common. Q researchers reduce the items of the concourse to create the Q-sample while preserving the range of communications. Subsequently, participants sort these items into a grid to provide a snapshot of their viewpoint on the topic. Statistical analysis reveals the multiple, diverse viewpoints in a way that allows for detailed descriptions of those views. In this study, the researchers collected statements about cybersecurity. Students in technical degree programs, including computer information systems (CIS), sorted these statements into a grid with a range of “most like my view” to “most unlike my view” of cybersecurity. Items placed on the extreme ends of this grid represent those statements most salient with each student’s views. Analyses revealed three divergent viewpoints: 1) Cybersecurity best practices, 2) No worries, and 3) No sense of urgency. Although the CIS majors identified with View 1, the other technical degree program students were represented across all three views. Certainly, students who hold the No worries and No sense of urgency viewpoints are unprepared to deal with cybersecurity issues in the workplace. The descriptions of these views have implications for cybersecurity course and program development, including assessments. Additionally, this study’s outcomes indicate a need to replicate this investigation in other settings to estimate risk of employees introducing cyber threats at their workplace. Similarly, these outcomes have implications for workforce development training regarding improved cybersecurity viewpoints and, therefore, behaviors.

Share

COinS