SIG SEC - Information Security and Privacy
Paper Type
ERF
Paper Number
1709
Description
Extant work has examined users’ security behavior in both individual and organizational contexts by mainly applying theories that assume users’ rationality. While this has enhanced our understanding of the conscious factors that underlie security behaviors, the assumption of conscious rationality bounds the theoretical lens. Addressing this limitation would facilitate expanding the knowledge ecology in the information security literature. Information security studies have started to recognize this assumption. To evaluate this milieu of disparate approaches, we conduct a preliminary literature review and identify several nonconscious factors that may shape security behaviors. In this ERF paper, we discuss herd behavior, cognitive biases, automatic cognition (also termed system 1 thinking), affect, risk homeostasis, and framing effects perception. We discuss future plans to develop a research framework that integrates the alternate nonconscious factors that may underlie security behavior, thereby providing a comprehensive alternate approach to studying behavioral information security.
Recommended Citation
Nehme, Alaa; Warkentin, Merrill; Jang, Kyungmyung; and Kim, Sumin, "Beyond Rational Information Security Decisions: An Alternate View" (2022). AMCIS 2022 Proceedings. 26.
https://aisel.aisnet.org/amcis2022/sig_sec/sig_sec/26
Beyond Rational Information Security Decisions: An Alternate View
Extant work has examined users’ security behavior in both individual and organizational contexts by mainly applying theories that assume users’ rationality. While this has enhanced our understanding of the conscious factors that underlie security behaviors, the assumption of conscious rationality bounds the theoretical lens. Addressing this limitation would facilitate expanding the knowledge ecology in the information security literature. Information security studies have started to recognize this assumption. To evaluate this milieu of disparate approaches, we conduct a preliminary literature review and identify several nonconscious factors that may shape security behaviors. In this ERF paper, we discuss herd behavior, cognitive biases, automatic cognition (also termed system 1 thinking), affect, risk homeostasis, and framing effects perception. We discuss future plans to develop a research framework that integrates the alternate nonconscious factors that may underlie security behavior, thereby providing a comprehensive alternate approach to studying behavioral information security.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIG SEC