SIG SEC - Information Security and Privacy

Paper Type

ERF

Paper Number

1709

Description

Extant work has examined users’ security behavior in both individual and organizational contexts by mainly applying theories that assume users’ rationality. While this has enhanced our understanding of the conscious factors that underlie security behaviors, the assumption of conscious rationality bounds the theoretical lens. Addressing this limitation would facilitate expanding the knowledge ecology in the information security literature. Information security studies have started to recognize this assumption. To evaluate this milieu of disparate approaches, we conduct a preliminary literature review and identify several nonconscious factors that may shape security behaviors. In this ERF paper, we discuss herd behavior, cognitive biases, automatic cognition (also termed system 1 thinking), affect, risk homeostasis, and framing effects perception. We discuss future plans to develop a research framework that integrates the alternate nonconscious factors that may underlie security behavior, thereby providing a comprehensive alternate approach to studying behavioral information security.

Comments

SIG SEC

Aug 10th, 12:00 AM

Beyond Rational Information Security Decisions: An Alternate View
