Theoretical Domain Framework to Identify Cyber security Behaviour Constructs

In order to correct cybersecurity behaviour, it is important to understand both the behaviour as well as the cause of the behaviour. In an effort towards the latter, researchers have conducted empirical studies that investigate the constructs of cybersecurity behaviour. This approach has led to a plethora of constructs being proposed as the determinates of cybersecurity behavior. The large number of constructs make it difficult to decide which constructs to focus on when designing cybersecurity behavior interventions. This problem is not unique to cybersecurity behaviour. A similar problem exists in the medical domain. One proposed solution, that achieved good results in the medical domain, is the use of the Theoretical Domain Framework. The contribution of the current paper is a mapping of the constructs found in cybersecurity behaviour, to the Theoretical Domain Framework. This has been achieved by a systematic literature survey. The significance of the study is the identification and of the main behavioural constructs used in the cybersecurity domain. The findings of this research are aimed at being used as a basis when planning theory-based interventions for cybersecurity behaviour change.