Theoretical Domain Framework to Identify Cybersecurity Behaviour Constructs

Abstract

Humans are still the weakest link in the cyber security system. In order to correct cybersecurity behaviour, it is important to understand both the behaviour as well as the cause of the behaviour. In an effort towards the latter, researchers have conducted empirical studies that investigate the constructs of cybersecurity behaviour. This approach has led to a plethora of constructs being proposed as the determinates of cybersecurity behavior. The large number of constructs make it difficult to decide which constructs to focus on when designing cybersecurity behavior interventions. This problem is not unique to cybersecurity behaviour. A similar problem exists in the medical domain. One proposed solution, that achieved good results in the medical domain, is the use of the Theoretical Domain Framework. The contribution of the current paper is a mapping of the constructs found in cybersecurity behaviour, to the Theoretical Domain Framework. This has been achieved by a systematic literature survey. The significance of the study is the identification and of the main behavioural constructs used in the cybersecurity domain. The findings of this research are aimed at being used as a basis when planning theory-based interventions for cybersecurity behaviour change.

Appendix

Date	Author name	Title	Theories	Behaviour
2019	Jansen, Jurjen, and Paul van Schaik	The Design and Evaluation of a Theory-Based Intervention to Promote Security Behaviour Against Phishing	Protection Motivation Theory	Phishing susceptibility
2018	Vishwanath, Arun, Brynne Harrison, and Yu Jie Ng	Suspicion, Cognition, and Automaticity Model of Phishing Susceptibility	Heuristic Systematic Model	Phishing susceptibility
2018	Verkijika, Silas Formunyuy	Understanding Smartphone Security Behaviors: An Extension of the Protection Motivation Theory with Anticipated Regret	Protection Motivation Theory	Security Behaviour on Smartphones
2017	Choi, M., Yair Levy, and Anat Hovav	The Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills Influence on Computer Misuse	Not one specific theory, just constructs	Computer misuse intention
2017	Matias Dodel and Gustavo Mesch	Cyber-Victimization Preventive Behavior: A Health Belief Model Approach	Health Behaviour Model	Anti-virus preventive behaviour
2017	Princely Ifinedo	Effects of Organization Insiders’ Self-Control and Relevant Knowledge on Participation in Information Systems Security Deviant Behaviour	Self-Control Theory	Safety behaviour
2016	Tsai, Hsin-yi Sandy, Mengtian Jiang, Saleem Alhabash, Robert LaRose, Nora J. Rifon, and Shelia R. Cotten.	Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective	Protection Motivation Theory	Security intentions
2016	Ashley N. Doane, Laura G. Boothe, Matthew R. Pearson and Michelle L. Kelley	Risky Electronic Communication Behaviors and Cyberbullying Victimization: An Application of Protection Motivation Theory	Protection Motivation Theory	Risky electronic communication behaviours and cyberbullying
2016	Bartlomiej Hanus and Yu Andy Wu	Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective	Protection Motivation Theory	Security Awareness on Desktop Security Behaviour
2016	Jurjen Jansen and Paul van Schaik	Understanding Precautionary Online Behavioural Intentions: A Comparison of Three Models	Protection Motivation Theory The Reasoned Action	Online behavioural intentions
2015	Nader Sohrabi Safa, Mehdi Sookhak, Rossouw Von Solms, Steven Furnell, Norjihan Abdul Ghani and Tutut Herawan	Information Security Conscious Care Behaviour Formation in Organizations	Theory of Planned Behaviour The Protection Motivation Theory	Information security conscious care behaviour
2014	Waldo Rocha Flores, Egil Antonsen and Mathias Ekstedt	Information Security Knowledge Sharing in Organizations: Investigating the Effect of Behavioral Information Security Governance and National Culture	Cultural Framework	Information security knowledge sharing
2014	Nalin Asanka, Gamagedara Arachchilage and Steve Love	Security Awareness of Computer Users: A Phishing Threat Avoidance Perspective	Technology Threat Avoidance Theory	Avoiding phishing
2014	Justin Cashin and Princely Ifinedo	Using Social Cognitive Theory to Understand Employees’ Counterproductive Computer Security Behaviors (CCSB): A Pilot Study	Social Cognitive Theory	Counterproductive computer security behaviors
2014	Princely Ifinedo	Social Cognitive Determinants of Non-Malicious, Counterproductive Computer Security Behaviors (Ccsb): An Empirical Analysis	Social Cognitive Theory Theory of Planned Behaviour	Non-malicious, counterproductive computer security behaviors (CCSB)
2013	Bo Sophia Xiao and Yee Man Wong	Cyber-Bullying Among University Students: An Empirical Investigation from the Social Cognitive Perspective	Social Cognitive Theory	Cyber-bullying
2013	Sarah Burns and Lynne Diane Roberts	Applying the Theory of Planned Behaviour to Predicting Online Safety Behaviour	Theory of Planned Behaviour	Online safety behaviour
2012	Anthony Vance, Mikko Siponen and Seppo Pahnila	Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory	Protection Motivation Theory	Influence of habit on IS policy compliance
2012	Princely Ifinedo	Understanding Information Systems Security Policy compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory	Theory of Planned Behavior The Protection Motivation Theory	Security policy compliance
2010	Anderson, C. L., and Agarwal, R.	Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions	Protection Motivation Theory	Home computer user’s intention to protect the Internet and own computer
2010	Johnston, A. C., and Warkentin, M	Fear Appeals and Information Security Behaviors: An Empirical Study	Technology Adoption Fear Appeal Theories	Compliance of end users
2009	Tejaswini Herath and H.R. Rao	Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness	Intrinsic and Extrinsic Motivators in Information Security Behaviours	Information security policy compliance
2009	George R. Milne, Lauren I. Labrecque, and Cory Cromer	Toward an Understanding of the Online Consumer’s Risky Behavior and Protection Practices	Protection Motivation Theory Social Cognitive Theory	Consumers’ perception of the threat and likelihood of threat associated with online experiences
2009	Ng, Boon-Yuen, Atreyi Kankanhalli, and Yunjie Calvin Xu.	Studying Users’ Computer Security Behavior: A Health Belief Perspective	Health Belief Mode	Computer security behavior
2009	Hyeun-Suk Rheea, Cheongtag Kimb, Young U. Ryuc	Self-Efficacy in Information Security: Its Influence on End Users’ Information Security Practice Behavior	Social Cognitive Theory	Security practice behaviour
2009	Tim Chenoweth, Robert Minch and Tom Gattiker	Application of Protection Motivation Theory to Adoption of Protective Technologies	Protection Motivation Theory	Adoption of Protective Technologies
2007	Mikko Siponen, Seppo Pahnila, and Adam Mahmood	Employees’ Adherence to Information Security Policies: An Empirical Study	Protection Motivation Theory General Deterrence Theory Theory of Reasoned Action	Policy compliance
2006	S. Chai, S. Bagchi-Sen, C. Morrell, H. R. Rao and S. Upadhyaya	Role of Perceived Importance of Information Security: An Exploratory Study of Middle School Children’s Information Security Behavior	Social Cognitive Theory Self-Efficacy	Information Security Behaviour on the Internet