External contextual factors in information security behaviour

Abstract

Human behaviour is often considered to be irrational, difficult to understand, and challenging to manage. This phenomenon has a direct impact on the way in which humans behave when confronted with information security which, in turn, complicates how security is to be managed. This research attempts to investigate the role that contextual factors play in how humans behave, specifically with regards to information security. Contextual factors are identified that influence human behaviour in general. These factors are conceptualised in relation to existing models of behaviour and subsequently mapped to information security behaviour. A practical research exercise, relating to information security behaviour, is conducted with a university residence as the contextual environment. The specific contextual factors, and how they relate to information security, are discussed. Information security behavioural threshold analysis is employed to evaluate the impact of the identified contextual factors on the residence’s security behaviour. The results are reflected upon, based on the results from the threshold analysis. The paper concludes by highlighting the contributions that were made towards understanding contextual factors in information security