Behavioural threshold analysis in the context of information security
Abstract
The human aspect in information security provides a unique challenge for its assessment and
management. Many studies seek to address this challenge by employing psychological models
to understand the behaviour of individuals when confronted with information security issues. Such
models typically only address the behaviour of individuals and do not provide for the intricacies
of the behaviour of people in groups. Few models exist to quantify group behaviour and, as far as
the researcher is aware, none have been applied to information security group behaviour before.
Based on threshold models of collective behaviour, behavioural threshold analysis is used to
quantify the individual inclinations of the members of a group and, based on the aggregation of
these quantifications, predict possible outcomes of the collective behaviour of that group.
Therefore, this study aims to address the following research question: How can behavioural
threshold analysis be employed as an aid for managing the human factor in information security
group behaviour?
In this thesis, structured as a series of papers, research articles are presented that describe the full range of
activities that relate to the establishment of behavioural threshold analysis as a novel method for
the evaluation of information security group behaviour. The approach is developed from the
ground up, and the activities that are described include the initial exploratory investigation of the
model in the new context of information security, the investigation of alternative strategies for fine-tuning
the approach, the establishment of a formal methodology, real-world applications of the
formal method in practice, and the development of practical and theoretical artefacts that can be
used by future researchers and practitioners.
This study makes contributions in three categories: literature, theory and practice. By publishing
the findings and contributions in journals, conference proceedings, and book series, new
knowledge is contributed to the existing body of literature. Theoretical contributions include a
formalised methodology and application framework. The contribution to the practice of information
security is in the form of a decision support system. Therefore, by adopting an approach from the
field of sociology, which was previously not applied in the field of information security, and
adapting it to the unique and specialised requirements for evaluating information security group
behaviour, the research question was answered.