With the expanding use of internet information systems, security has become a more important issue than ever. Organisations are introducing new security measures in order to protect their systems and as well as their customers.

The overall aim of this research is to understand how risk perception, trust and credibility relate to each other and how and why all of these concepts are related to information systems security. In this research risk is defined as perception rather than by quantitative methods. My argument is that information security is less important when individuals deal with a trustworthy and credible institution. To develop this argument I have adapted and interpreted cultural theory and risk communication model that originate from social sciences. Based on these models I developed and further modified a trust analysis framework. This framework is used as a theoretical base for the collection and analysis of data of both the case study and the survey. The case study focuses on an international bank in the U.K. The research methodology adopts an interpretive approach as the mode of inquiry. The case study addresses the issues on the social and organisational aspects of the implementation of internet banking product. The application of the theoretical framework contributes to understanding change in risk perception, and the issues of trust and credibility during project implementation by linking data to the theory. A survey with the bank’s customers is conducted to obtain complementary empirical evidence to understand better how trust and credibility relate to information systems security.

The thesis concludes that the users of an information system perceive risks based on trust and credibility they assign to the supplier of information and disregard the security measures taken by that supplier.