Identifying Behavioral Constructs in Relation to User Cybersecurity Behavior

Factors Related to Cyber Security Behavior

IEEE Access, 2020

Theoretical and empirical insight notes that cyber security awareness is a topic of particular interest in cyber security. Humans are the central figures in cyber security and the way to reduce risk in cyberspace is to make people more security aware. While there have been numerous studies about various aspects of cyber security awareness, they are both inconsistent and environment-dependent. The main aim of our research is to analyze cyber security awareness in depth, and to try to discover how various factors such as socio-demographics, cyber security perceptions, previous cyber security breaches, IT usage, and knowledge may individually or together impact on cyber security behavior. To prove that, we conducted our research on students, as they are the most technologically active part of the society. We discovered that knowledge proved to be the dominant factor for cyber security awareness, and although students are digital natives, they do not feel safe in the cyber environment; they do not behave securely and do not have adequate knowledge to protect themselves in cyberspace.

Index Terms: Cyber security, cyber security behaviours, cyber security breaches, cyber security perception, knowledge, user awareness.

A Research Model for Investigating Human Behavior Related to Computer Security

2003

Computer security issues have typically been approached from the perspective of building technical countermeasures to reduce risk. Recently, researchers have recognized that computer users play an important role in ensuring secure systems by implementing those technical countermeasures. As a means of encouraging safe computing practice, user training and awareness have been touted. However, simply providing training and awareness does not ensure that users will always use safe practices. This paper introduces a model of user behavior that emphasizes the factors relating to the user's perception of risk and the choice based on that perception. As research in progress, we also briefly describe an ongoing study to further investigate this model. We will present results from this study at the conference.

Cybersecurity Behaviour: A Conceptual Taxonomy

Information Security Theory and Practice, 2019

User cybersecurity behaviour is a concern for organisations as well as home users. This is because cyber-criminals have made a shift from targeting security systems to targeting the users of the systems. As a result, an increasing number of studies have been conducted in efforts to understand user cybersecurity behaviour. The advantage in understanding user behaviour is that researchers and security practitioners can apply this knowledge and begin to change behaviour to benefit cybersecurity. Different studies have categorised similar cybersecurity behaviours, however the naming conventions differ across studies. This brings out the first contribution of the paper, unified terminology for the cybersecurity behaviour. Secondly, most studies were conducted in an organisational setting. User behaviour in other environments is yet to be identified and categorised. The second contribution of this study is the identification and categorisation of home user cybersecurity behaviour. The identification and classification of more cybersecurity behaviour is aimed to have a positive impact in the creation of strategic interventions to change and maintain good cybersecurity behaviour.

Explaining Users Security Behavior with the Security Belief Model

Journal of Organizational Computing and Electronic Commerce, 2014

Information security is often viewed as a technological matter. However, security professionals will readily admit that without safe practices by users, no amount or type of technology will be effective at preventing unauthorized intrusions. By paralleling the practices of information security and health prevention, a rationale for employing constructs from existing models of health behavior is established. A comprehensive and parsimonious model (the Security Belief Model) is developed to explain information security behavior intentions. The model is tested empirically based on a sample of 237 Indian professionals. The results of the empirical study indicate general support for the model, particularly including severity, susceptibility, benefits, and a cue to action as antecedents to the intention to perform preventive information security behaviors. The paper also discusses implications of the model and results for practitioners and possibilities for future research are included.

Individual Differences on Conservative and Risky Behaviors about Information Security

Bilişim Teknolojileri Dergisi, 2021

In order to provide information security, hardware and software solutions are widely used, research and development endeavors increase day by day, and huge amounts of investments are made. However, these attempts still cannot stop information systems from being compromised because of the holes in the human firewall caused by vulnerable behaviors of individuals. Even though individuals have knowledge about information security, they do not always show appropriate behavior. Hence information security is not a problem that can only be solved with technological solutions. As being the weakest link, human behavior on information security needs to be evaluated and assessed. With this study it was aimed to examine the relationship between conservative and risky behaviors of individuals about information security and individual differences which are demographics, internet usage routines, personality, risk perception and exposure to offense. Behaviors and individual difference variables were exa...

Explaining Users' Security Behaviors with the Security Belief Model

Journal of Organizational and End User Computing, 2014

Information security is often viewed as a technological matter. However, security professionals will readily admit that without safe practices by users, no amount or type of technology will be effective at preventing unauthorized intrusions. By paralleling the practices of information security and health prevention, a rationale for employing constructs from existing models of health behavior is established. A comprehensive and parsimonious model (the Security Belief Model) is developed to explain information security behavior intentions. The model is tested empirically based on a sample of 237 Indian professionals. The results of the empirical study indicate general support for the model, particularly including severity, susceptibility, benefits, and a cue to action as antecedents to the intention to perform preventive information security behaviors. The paper also discusses implications of the model and results for practitioners and possibilities for future research are included.

WHAT INFLUENCES INFORMATION SECURITY BEHAVIOR? A STUDY WITH BRAZILIAN USERS

JISTEM - Journal of Information Systems and Technology Management, 2016

The popularization of software to mitigate Information Security threats can produce an exaggerated notion about its full effectiveness in the elimination of any threat. This situation can result in reckless user behavior, increasing vulnerability. Based on behavioral theories, a theoretical model and hypotheses were developed to understand the extent to which human perception of threat, control and disgruntlement can induce responsible behavior. A self-administered questionnaire was created and validated. The data were collected in Brazil, and complementary results regarding similar studies conducted in USA were found. The results show that there is an influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The results also point out the significant influence of the analyzed construct on Safe Behavior. The contributions involve relatively new concepts in the field and a new research instrument as well. For the practitioners, this study highlights the importance of Perceived Severity and Perceived Susceptibility in the formulation of the content of Information Security awareness guidelines within organizations. Moreover, users' disgruntlement with the organization, colleagues or superiors is a factor to be considered in the awareness programs.

An Extended Perspective on Individual Security Behaviors

ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 2014

Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize Protection Motivation Theory (PMT) to explore these practices. However, these studies focus on one specific security protection behavior or on intentions to use a generic measure of security protection tools or techniques (practices). In contrast, this study empirically tests the effectiveness of PMT to explain a newly developed measure for collectively capturing several individual security practices. The results show that PMT explains an important portion of the variance in the unified security practices measure, and demonstrates the importance of explaining individual security practices as a whole as opposed to one particular behavior individually. Implications of the study for research and practice are discussed.

Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories

Applied Sciences

Cybersecurity procedures and policies are prevalent countermeasures for protecting organizations from cybercrimes and security incidents. Without considering human behaviors, implementing these countermeasures will remain useless. Cybersecurity behavior has gained much attention in recent years. However, a systematic review that provides extensive insights into cybersecurity behavior through different technologies and services and covers various directions in large-scale research remains lacking. Therefore, this study retrieved and analyzed 2210 articles published on cybersecurity behavior. The retrieved articles were then thoroughly examined to meet the inclusion and exclusion criteria, in which 39 studies published between 2012 and 2021 were ultimately picked for further in-depth analysis. The main findings showed that the protection motivation theory (PMT) dominated the list of theories and models examining cybersecurity behavior. Cybersecurity behavior and intention behavior cou...

The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats

Information Systems Frontiers, 2017

Individuals can perform many different behaviors to protect themselves from computer security threats. Research, however, generally explores computer security behaviors in isolation, typically looking at one behavior per study, such as usage of malware or strong passwords. However, defense in depth requires that multiple behaviors be performed concurrently for one's computer to be protected. Addressing this gap in prior research, this study measures 279 individuals' computer security behaviors and analyzes them with multi-dimensional scaling. We examined three security threats: security related performance degradation, identity theft, and data loss. The results present a mapping of security behaviors performed together with other behaviors on two dimensions for each of these threats. Using expert reviews of the resulting dimensions, the study proposes that response efficacy and response cost help explain why people perform certain behaviors together. These findings can help explain inconsistent results in prior information security research because they focused on one behavior only whereas people perform various security behaviors together in an effort to mitigate specific security threats. The study informs research and practice by identifying security threat-response pairs via expert interviews, surveying individuals on how they perform multiple security behaviors concurrently to mitigate security threats, identifying why certain behaviors are performed together, and using these findings to identify reasons why IS security research has confounding results based on specific individual threat-response pairs used in prior studies.