Cybersecurity Behaviour: A Conceptual Taxonomy

Mashiane, Thulani; Kritzinger, Elmarie

doi:10.1007/978-3-030-20074-9_11

Cited by 7 publications

(2 citation statements)

References 21 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on our classification scheme, it is possible to derive measures for specific types of behavior, such as targeted awareness programs, based on behaviors where employees were not aware of their offenses or specific measures against the different types of expected added values. Further possibilities would be, e.g., the use of behavior with organizational moral or beneficial intention to achieve a positive effect on information security, e.g., promoting an information security culture [32].…”

Section: Discussionmentioning

confidence: 99%

Towards a Taxonomy of Information Security Policy Non-Compliance Behavior

Hengstler¹,

Nickerson²,

Trang³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Due to the increasing digitalization of our society, IT security professionals must implement even more effective security measures to meet the growing information security requirements of their organizations. To target and effectively deploy these measures in the best possible way, they must consider different types of behaviors that might lead to information security threats. Regarding this issue, current research offers little for clarity to security professionals when it comes to understanding and differentiating the various types of behavior. Therefore, this research aims to develop a taxonomy to classify different types of information security policy non-compliance behavior. Our results present a taxonomy with five dimensions, each containing mutually exclusive and collectively exhaustive characteristics. Our results provide a basis for a more specific analysis of different types of information security policy non-compliance behavior and can be used for more comprehensive development and analysis of appropriate security measures.

show abstract

Section: Discussionmentioning

confidence: 99%

Towards a Taxonomy of Information Security Policy Non-Compliance Behavior

Hengstler¹,

Nickerson²,

Trang³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…One such example would be that behavior is likely to be different between a user's work-related and private use. That since the user is likely to be constrained by policies and technical security controls at work, but not equally so at home (Mashiane & Kritzinger, 2018). Individual factors such as gender, stress level, the user's security awareness and knowledge, and predisposition to being suspicious are also important factors influencing the users' response to different situations (Chowdhury, Adam, & Skinner, 2019;Donalds & Osei-Bryson, 2020;Harrison, Vishwanath, & Rao, 2016).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

A Taxonomy of SETA Methods and Linkage to Delivery Preferences

Kävrestad,

Nohlberg,

Furnell

2023

SIGMIS Database

View full text Add to dashboard Cite

Cybersecurity threats targeting users are common in today's information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific literature. Yet, incidents stemming from insecure user behavior continue to happen and are reported as one of the most common types of incidents. Researchers argue that empirically proven SETA programs are needed and point out focus on knowledge rather than behavior, along with poor user adoption, as problems with existing programs. The present study aims to research user preferences regarding SETA methods, with the motivation that a user is more likely to adopt a program perceived positively. A qualitative approach is used to identify existing SETA methods, and a quantitative approach is used to measure user preferences regarding SETA delivery. We show that users prefer SETA methods to be effortless and flexible and outline how existing methods meet that preference. The results outline how SETA methods respond to user preferences and how different SETA methods can be implemented to maximize user perception, thereby supporting user adoption.

show abstract

Theoretical Domains Framework Applied to Cybersecurity Behaviour

Mashiane

Kritzinger

2020

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Cybersecurity Behaviour: A Conceptual Taxonomy

Cited by 7 publications

References 21 publications

Towards a Taxonomy of Information Security Policy Non-Compliance Behavior

Towards a Taxonomy of Information Security Policy Non-Compliance Behavior

A Taxonomy of SETA Methods and Linkage to Delivery Preferences

Theoretical Domains Framework Applied to Cybersecurity Behaviour

Contact Info

Product

Resources

About