The challenge of changing user cybersecurity behaviour is now in the foreground of cybersecurity research. To understand the problem, cybersecurity behaviour researchers have included, into their studies, theories from the Psychology domain. Psychology makes use of several behavioural theories to explain behaviour. This leads to the question, which of these theories are best suited to firstly understand cybersecurity behaviour and secondly to change the behaviour for the better. To answer this question, as a prelude to the current paper, previous publications have 1) established a definition for the different categories of cybersecurity behaviour, 2) identified and applied a framework, the Theoretical Domains Framework, that ties different behavioural theories together into one behaviour change framework. The current study is aimed to show the link between the behavioural constructs discussed in the Theoretical Domains Framework to the different cybersecurity behaviour categories. The contribution of the study is towards the implementors of initiatives that aim to change cybersecurity behaviour.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...