Synergizing Human Behavior and Cybersecurity using Psychometric Scale

Khurram Iqbal; Farhat M. Khan; Farooq Iqbal; Syeda Areej Asif; Shahreen Sheikh; Farees Fatima; Abdul Basit Abbasi

Authors

Khurram Iqbal Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan
Farhat M. Khan Nazeer Hussain University, Karachi, Sindh, Pakistan
Farooq Iqbal Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan
Syeda Areej Asif Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan
Shahreen Sheikh Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan
Farees Fatima Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan
Abdul Basit Abbasi Hamdard University, Department of Computing, Faculty of Engineering Sciences and Technology, Karachi, Sindh, Pakistan

Keywords:

Cybersecurity, Human actions, Psychometric assessment, Risk awareness, Adherence

Abstract

Cybersecurity threats are increasingly shaped by human actions, making it crucial to comprehend the psychological elements that lead to vulnerabilities. This article examines the interplay between human behavior and cybersecurity through the use of psychometric scales to evaluate risk perception, decision-making, and adherence to security protocols. A quantitative research design was employed, using validated psychometric tools like the Human Aspects of Information Security Questionnaire (HAIS-Q) and the Cybersecurity Risk Perception Scale (CRPS). Data was gathered from 200 individuals in different organizational positions and examined using statistical techniques, such as correlation and regression analysis. Findings demonstrated a noteworthy association between psychological characteristics (e.g., risk tolerance, conscientiousness) and cybersecurity practices. People with a greater awareness of risks showed improved compliance with security policies, whereas individuals with lower levels of conscientiousness were more likely to engage in risky online activities. The results indicate that incorporating psychometric evaluations into cybersecurity training can improve threat management by customizing strategies according to personal behavior patterns. This article adds to the expanding research on human-centered cybersecurity strategies, offering empirical data on the impact of psychometrics in enhancing security awareness and compliance. Future studies ought to investigate long-term impacts and cross-cultural assessments of psychometric scales within cybersecurity settings.

Author Biography

Farhat M. Khan, Nazeer Hussain University, Karachi, Sindh, Pakistan

Senior Lecturer

References

J. I. H. Cori Faklaris, Laura Dabbish, “Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13),” arXiv:2204.03114, 2022, doi: https://doi.org/10.48550/arXiv.2204.03114.

D. J. Howard, “Development of the Cybersecurity Attitudes Scale and Modeling Cybersecurity Behavior and its Antecedents,” M.S. thesis, Univ. South Florida, 2018, [Online]. Available: https://digitalcommons.usf.edu/etd/7306/

M. B. Hsiao-Ying Huang, Soteris Demetriou, Rini Banerjee, Güliz Seray Tuncay, Carl A. Gunter, “Smartphone Security Behavioral Scale: A New Psychometric Measurement for Smartphone Security,” arXiv:2007.01721, 2020, [Online]. Available: https://arxiv.org/abs/2007.01721

C. J. Kathryn Parsons, Agata McCormac, Marcus Butavicius, Malcolm Pattinson, “Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q),” Comput. Secur., vol. 42, pp. 165–176, 2014, doi: https://doi.org/10.1016/j.cose.2013.12.003.

Lee Hadlington, “Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours,” Heliyon, vol. 3, no. 7, p. e00346, 2017, [Online]. Available: https://www.cell.com/heliyon/fulltext/S2405-8440(17)30998-2?_returnURL=https%3A%2F%2Flinkinghub.elsevier.com%2Fretrieve%2Fpii%2FS2405844017309982%3Fshowall%3Dtrue

A. G. Margaret Gratian, Sruthi Bandi, Michel Cukier, Josiah Dykstra, “Correlating human traits and cyber security behavior intentions,” Comput. Secur., vol. 73, pp. 345–358, 2018, doi: https://doi.org/10.1016/j.cose.2017.11.015.

B.-Y. Ng, A. Kankanhalli, and Y. (Calvin) Xu, “Studying users’ computer security behavior: A health belief perspective,” Decis. Support Syst., vol. 46, no. 4, pp. 815–825, 2009, doi: https://doi.org/10.1016/j.dss.2008.11.010.

D. S. Michael Workman, William H. Bommer, “Security lapses and the omission of information security measures: A threat control model and empirical test,” Comput. Human Behav., vol. 24, no. 6, pp. 2799–2816, 2008, doi: https://doi.org/10.1016/j.chb.2008.04.005.

Princely Ifinedo, “Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory,” Comput. Secur., vol. 31, no. 1, pp. 83–95, 2012, doi: https://doi.org/10.1016/j.cose.2011.10.007.

C. Posey, T. L. Roberts, and P. B. Lowry, “The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets,” J. Manag. Inf. Syst., vol. 32, no. 4, pp. 179–214, Oct. 2015, doi: 10.1080/07421222.2015.1138374.

M. P. Agata McCormac, Tara Zwaans, Kathryn Parsons, Dragana Calic, Marcus Butavicius, “Individual differences and Information Security Awareness,” Comput. Human Behav., vol. 69, pp. 151–156, 2017, doi: https://doi.org/10.1016/j.chb.2016.11.065.

S. S. Jordan Shropshire, Merrill Warkentin, “Personality, attitudes, and intentions: Predicting initial adoption of information security behavior,” Comput. Secur., vol. 49, pp. 177–191, 2015, doi: https://doi.org/10.1016/j.cose.2015.01.002.

K. H. Guo, Y. Yuan, N. P. Archer, and C. E. Connelly, “Understanding nonmalicious security violations in the workplace: A composite behavior model,” J. Manag. Inf. Syst., vol. 28, no. 2, pp. 203–236, Oct. 2011, doi: 10.2753/MIS0742-1222280208;PAGE:STRING:ARTICLE/CHAPTER.

J. D’Arcy and T. Herath, “A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings,” Eur. J. Inf. Syst., vol. 20, no. 6, pp. 643–658, 2011, doi: 10.1057/EJIS.2011.23.

T. Herath and H. R. Rao, “Protection motivation and deterrence: a framework for security policy compliance in organisations,” Eur. J. Inf. Syst., vol. 18, no. 2, pp. 106–125, 2009, doi: 10.1057/EJIS.2009.6.

M. Warkentin, A. C. Johnston, and J. Shropshire, “The influence of the informal social learning environment on information privacy policy compliance efficacy and intention,” Eur. J. Inf. Syst., vol. 20, no. 3, pp. 267–284, 2011, doi: 10.1057/EJIS.2010.72.

R. Crossler and F. Bélanger, “An Extended Perspective on Individual Security Behaviors,” ACM SIGMIS Database DATABASE Adv. Inf. Syst., vol. 45, no. 4, pp. 51–71, Nov. 2014, doi: 10.1145/2691517.2691521.

B. Bulgurcu, H. Cavusoglu, and I. Benbasat, “Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness,” MIS Q. Manag. Inf. Syst., vol. 34, no. SPEC. ISSUE 3, pp. 523–548, 2010, doi: 10.2307/25750690.

S. P. Anthony Vance, Mikko Siponen, “Motivating IS security compliance: Insights from Habit and Protection Motivation Theory,” Inf. Manag., vol. 49, no. 3–4, pp. 190–198, 2012, doi: https://doi.org/10.1016/j.im.2012.04.002.

R. B. Cialdini, “Crafting Normative Messages to Protect the Environment,” Curr. Dir. Psychol. Sci., vol. 12, no. 4, pp. 105–109, Aug. 2003, doi: 10.1111/1467-8721.01242.

Areej AlHogail, “Design and validation of information security culture framework,” Comput. Human Behav., vol. 49, pp. 567–575, 2015, doi: https://doi.org/10.1016/j.chb.2015.03.054.

K. Hadlington, L., & Parsons, “Can education and training really help improve cybersecurity? A psychological perspective,” Cyberpsychology J. Psychosoc. Res. Cybersp., vol. 11, no. 4, 2017.

H. X. Han Li, Rathindra Sarathym, “The role of affect and cognition on online consumers’ decision to disclose personal information to unfamiliar online vendors,” Decis. Support Syst., vol. 51, no. 3, pp. 434–445, 2011, doi: https://doi.org/10.1016/j.dss.2011.01.017.

R. Alqahtani, H. A., & Thurasamy, “Information security awareness: Literature review and integrative framework for future research,” Telemat. Informatics, vol. 58, p. 101537, 2021, [Online]. Available: https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/b98313fc-668b-4467-b0bd-2a51282b4b1a/content

M. A. Sasse, S. Brostoff, and D. Weirich, “Transforming the ‘weakest link’ - A human/computer interaction approach to usable and effective security,” BT Technol. J., vol. 19, no. 3, pp. 122–131, Jul. 2001, doi: 10.1023/A:1011902718709/METRICS.