Date of Award

Spring 3-2019

Document Type


Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)


Computer Science

First Advisor

Wayne Pauli

Second Advisor

Scot Atkins

Third Advisor

Kim Kurz

Fourth Advisor

Christopher Olson


This explanatory sequential mixed methods study focuses on gaining an overall understanding of the potential variances in self-efficacy in information security and security practice behavior in the deaf population. Very little is understood about the deaf experience when engaging in security practices and their confidence levels in doing so. Due to the fastpaced nature of cyber security and its many facets, the human factor plays a crucial role in the success of cyber security. It is important to understand the potential implications of variances that may affect a deaf end-user’s security practice behavior to be able to provide more effective security awareness programs.

By using a two-pronged approach, further insight is gained on the potential variances in self-efficacy in information security and the resultant security practice behavior. Starting with a broad quantitative survey that measures an end-user’s self-efficacy, behavioral intention, security practice with technology, and security practice conscious care behavior. In the first phase, data is collected to identify variances when compared hearing end-users allows for a greater understanding of what unique areas of weaknesses may need to be addressed. The second phase consisted of phenomenological semi-structured interviews that are held with deaf end-users that have indicated variances in self-efficacy in information security and security practice behavior. The intent of the interviews was to capture the essence of the deaf end-user’s lived experiences when engaging with security practice behavior.

Through extensive data analysis of 228 responses from 119 deaf participants and 109 hearing participants, all three null hypotheses in this first phase of the study were rejected. It was concluded that deaf end-users had significantly higher SEIS while having a significantly lower behavioral intention, security practice – technology, and security practice – conscious vii care behavior than hearing end-users. It was also concluded in the first phase that a positive SEIS corresponds to improved security practice behavior for both deaf and hearing end-users.

In-depth semi-structured interviews of 10 deaf end-users who indicated a variance in self-efficacy in information security and security practice behavior allowed for the identification of essential themes. These themes were derived from coded analysis of the interviews: (1) Deaf-Specific Barriers; (2) Digital Literacy; (3) Positive Security Intention; (4) Reliance on Technology; (5) Poor Security Knowledge; (6) Poor Security Behavior; (7) Having a Support Network. These identified themes were prevalent among all deaf end-users of varying demographics and backgrounds.

The impact of this study is to highlight the need for the development of tailored and accessible cyber security awareness programs for deaf end-users to address the significantly lower security practice behavior in comparison to hearing end-users. The identification of a such variance and understanding the lived experiences that lead to such behavior raises the need for additional research into the full scope of impact on deaf end-users’ security practice behavior and how to best address the concerns.