Abstract
Humans are still the weakest link in the cyber security system. In order to correct cybersecurity behaviour, it is important to understand both the behaviour as well as the cause of the behaviour. In an effort towards the latter, researchers have conducted empirical studies that investigate the constructs of cybersecurity behaviour. This approach has led to a plethora of constructs being proposed as the determinates of cybersecurity behavior. The large number of constructs make it difficult to decide which constructs to focus on when designing cybersecurity behavior interventions. This problem is not unique to cybersecurity behaviour. A similar problem exists in the medical domain. One proposed solution, that achieved good results in the medical domain, is the use of the Theoretical Domain Framework. The contribution of the current paper is a mapping of the constructs found in cybersecurity behaviour, to the Theoretical Domain Framework. This has been achieved by a systematic literature survey. The significance of the study is the identification and of the main behavioural constructs used in the cybersecurity domain. The findings of this research are aimed at being used as a basis when planning theory-based interventions for cybersecurity behaviour change.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33, 237–248 (2014)
Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26, 63–72 (2007)
Halevi, T., Lewis, J., Memon, N.: A pilot study of cyber security and privacy related behavior and personality traits. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 737–744. ACM (2013)
Wiederhold, B.K.: The role of psychology in enhancing cybersecurity. Mary Ann Liebert, Inc., New Rochelle (2014)
Proctor, R.W., Chen, J.: The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Hum. Factors 57, 721–727 (2015)
Michie, S., Johnston, M., Abraham, C., Lawton, R., Parker, D., Walker, A.: Making psychological theory useful for implementing evidence based practice: a consensus approach. BMJ Qual. Saf. 14, 26–33 (2005)
Cane, J., O’Connor, D., Michie, S.: Validation of the theoretical domains framework for use in behaviour change and implementation research. Implement. Sci. 7, 37 (2012)
Atkins, L., et al.: A guide to using the Theoretical Domains Framework of behaviour change to investigate implementation problems. Implement. Sci. 12, 77 (2017)
Cane, J., Richardson, M., Johnston, M., Ladha, R., Michie, S.: From lists of behaviour change techniques (BCT s) to structured hierarchies: comparison of two methods of developing a hierarchy of BCT s. Br. J. Health. Psychol. 20, 130–150 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Date | Author name | Title | Theories | Behaviour |
---|---|---|---|---|
2019 | Jansen, Jurjen, and Paul van Schaik | The Design and Evaluation of a Theory-Based Intervention to Promote Security Behaviour Against Phishing | Protection Motivation Theory | Phishing susceptibility |
2018 | Vishwanath, Arun, Brynne Harrison, and Yu Jie Ng | Suspicion, Cognition, and Automaticity Model of Phishing Susceptibility | Heuristic Systematic Model | Phishing susceptibility |
2018 | Verkijika, Silas Formunyuy | Understanding Smartphone Security Behaviors: An Extension of the Protection Motivation Theory with Anticipated Regret | Protection Motivation Theory | Security Behaviour on Smartphones |
2017 | Choi, M., Yair Levy, and Anat Hovav | The Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills Influence on Computer Misuse | Not one specific theory, just constructs | Computer misuse intention |
2017 | Matias Dodel and Gustavo Mesch | Cyber-Victimization Preventive Behavior: A Health Belief Model Approach | Health Behaviour Model | Anti-virus preventive behaviour |
2017 | Princely Ifinedo | Effects of Organization Insiders’ Self-Control and Relevant Knowledge on Participation in Information Systems Security Deviant Behaviour | Self-Control Theory | Safety behaviour |
2016 | Tsai, Hsin-yi Sandy, Mengtian Jiang, Saleem Alhabash, Robert LaRose, Nora J. Rifon, and Shelia R. Cotten. | Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective | Protection Motivation Theory | Security intentions |
2016 | Ashley N. Doane, Laura G. Boothe, Matthew R. Pearson and Michelle L. Kelley | Risky Electronic Communication Behaviors and Cyberbullying Victimization: An Application of Protection Motivation Theory | Protection Motivation Theory | Risky electronic communication behaviours and cyberbullying |
2016 | Bartlomiej Hanus and Yu Andy Wu | Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective | Protection Motivation Theory | Security Awareness on Desktop Security Behaviour |
2016 | Jurjen Jansen and Paul van Schaik | Understanding Precautionary Online Behavioural Intentions: A Comparison of Three Models | Protection Motivation Theory The Reasoned Action | Online behavioural intentions |
2015 | Nader Sohrabi Safa, Mehdi Sookhak, Rossouw Von Solms, Steven Furnell, Norjihan Abdul Ghani and Tutut Herawan | Information Security Conscious Care Behaviour Formation in Organizations | Theory of Planned Behaviour The Protection Motivation Theory | Information security conscious care behaviour |
2014 | Waldo Rocha Flores, Egil Antonsen and Mathias Ekstedt | Information Security Knowledge Sharing in Organizations: Investigating the Effect of Behavioral Information Security Governance and National Culture | Cultural Framework | Information security knowledge sharing |
2014 | Nalin Asanka, Gamagedara Arachchilage and Steve Love | Security Awareness of Computer Users: A Phishing Threat Avoidance Perspective | Technology Threat Avoidance Theory | Avoiding phishing |
2014 | Justin Cashin and Princely Ifinedo | Using Social Cognitive Theory to Understand Employees’ Counterproductive Computer Security Behaviors (CCSB): A Pilot Study | Social Cognitive Theory | Counterproductive computer security behaviors |
2014 | Princely Ifinedo | Social Cognitive Determinants of Non-Malicious, Counterproductive Computer Security Behaviors (Ccsb): An Empirical Analysis | Social Cognitive Theory Theory of Planned Behaviour | Non-malicious, counterproductive computer security behaviors (CCSB) |
2013 | Bo Sophia Xiao and Yee Man Wong | Cyber-Bullying Among University Students: An Empirical Investigation from the Social Cognitive Perspective | Social Cognitive Theory | Cyber-bullying |
2013 | Sarah Burns and Lynne Diane Roberts | Applying the Theory of Planned Behaviour to Predicting Online Safety Behaviour | Theory of Planned Behaviour | Online safety behaviour |
2012 | Anthony Vance, Mikko Siponen and Seppo Pahnila | Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory | Protection Motivation Theory | Influence of habit on IS policy compliance |
2012 | Princely Ifinedo | Understanding Information Systems Security Policy compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory | Theory of Planned Behavior The Protection Motivation Theory | Security policy compliance |
2010 | Anderson, C. L., and Agarwal, R. | Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions | Protection Motivation Theory | Home computer user’s intention to protect the Internet and own computer |
2010 | Johnston, A. C., and Warkentin, M | Fear Appeals and Information Security Behaviors: An Empirical Study | Technology Adoption Fear Appeal Theories | Compliance of end users |
2009 | Tejaswini Herath and H.R. Rao | Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness | Intrinsic and Extrinsic Motivators in Information Security Behaviours | Information security policy compliance |
2009 | George R. Milne, Lauren I. Labrecque, and Cory Cromer | Toward an Understanding of the Online Consumer’s Risky Behavior and Protection Practices | Protection Motivation Theory Social Cognitive Theory | Consumers’ perception of the threat and likelihood of threat associated with online experiences |
2009 | Ng, Boon-Yuen, Atreyi Kankanhalli, and Yunjie Calvin Xu. | Studying Users’ Computer Security Behavior: A Health Belief Perspective | Health Belief Mode | Computer security behavior |
2009 | Hyeun-Suk Rheea, Cheongtag Kimb, Young U. Ryuc | Self-Efficacy in Information Security: Its Influence on End Users’ Information Security Practice Behavior | Social Cognitive Theory | Security practice behaviour |
2009 | Tim Chenoweth, Robert Minch and Tom Gattiker | Application of Protection Motivation Theory to Adoption of Protective Technologies | Protection Motivation Theory | Adoption of Protective Technologies |
2007 | Mikko Siponen, Seppo Pahnila, and Adam Mahmood | Employees’ Adherence to Information Security Policies: An Empirical Study | Protection Motivation Theory General Deterrence Theory Theory of Reasoned Action | Policy compliance |
2006 | S. Chai, S. Bagchi-Sen, C. Morrell, H. R. Rao and S. Upadhyaya | Role of Perceived Importance of Information Security: An Exploratory Study of Middle School Children’s Information Security Behavior | Social Cognitive Theory Self-Efficacy | Information Security Behaviour on the Internet |
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Mashiane, T., Kritzinger, E. (2019). Theoretical Domain Framework to Identify Cybersecurity Behaviour Constructs. In: Rønningsbakk, L., Wu, TT., Sandnes, F., Huang, YM. (eds) Innovative Technologies and Learning. ICITL 2019. Lecture Notes in Computer Science(), vol 11937. Springer, Cham. https://doi.org/10.1007/978-3-030-35343-8_34
Download citation
DOI: https://doi.org/10.1007/978-3-030-35343-8_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35342-1
Online ISBN: 978-3-030-35343-8
eBook Packages: Computer ScienceComputer Science (R0)