Information security in the workplace: A mixed-methods approach to understanding and improving security behaviours

The thesis identified influencers and barriers to specific security behaviours and developed an extended-Protection Motivation Theory model. The model includes information sensitivity appraisal as an important influencer for which a new scale (WISA) was developed and validated. The model was tested on three specific anti-malware behaviours: usage of antimalware software, installing software updates and avoiding suspicious links within emails. The testing allowed the identification of the most influential factors for each behaviour and demonstrated how these factors differ between behaviours. A nuance that is lost when adopting the IS policy compliance approach and was also confirmed by the qualitative findings. The findings from the models informed the design of the behaviour change intervention.