Information Security Behavioural Threshold Analysis in Practice: An Implementation Framework

This paper presents the development of a framework for evaluating group behaviour in information security in practice. Information security behavioural threshold analysis is employed as the theoretical foundation for the proposed framework. The suitability of the proposed framework is evaluated based on two sets of qualitative measures (general frameworks and information security frameworks) which were identified from literature. A novel conceptual mapping of the two sets of evaluation measures is presented and used to evaluate the proposed framework. The successful evaluation of the proposed framework, guided by the identified evaluation measures, is presented in terms of positive practical applications, as well as positive peer review and publication of the underlying theory.

[1]  Hennie A. Kruger,et al.  The application of behavioural thresholds to analyse collective behaviour in information security , 2017, Inf. Comput. Secur..

[2]  L. Brennan,et al.  Review of Behavioural Theories in Security Compliance and Research Challenge , 2017 .

[3]  Areej AlHogail,et al.  Design and validation of information security culture framework , 2015, Comput. Hum. Behav..

[4]  B. Kent Implementing research findings into practice: frameworks and guidance. , 2019, International journal of evidence-based healthcare.

[5]  Hennie A. Kruger,et al.  A Management Decision Support System for Evaluating Information Security Behaviour , 2019, ISSA.

[6]  A Kitson,et al.  Enabling the implementation of evidence based practice: a conceptual framework. , 1998, Quality in health care : QHC.

[7]  Mark S. Granovetter Threshold Models of Collective Behavior , 1978, American Journal of Sociology.

[8]  Hennie A. Kruger,et al.  Behavioural threshold analysis: methodological and practical considerations for applications in information security , 2019, Behav. Inf. Technol..

[9]  Hennie A. Kruger,et al.  I shall, we shall, and all others will: paradoxical information security behaviour , 2018, Inf. Comput. Secur..

[10]  J. Grimshaw,et al.  Knowledge translation of research findings , 2012, Implementation Science.

[11]  Hennie A. Kruger,et al.  External Contextual Factors in Information Security Behaviour , 2020, ICISSP.

[12]  Evangelos A. Kiountouzis,et al.  Investigating Information Security Awareness: Research and Practice Gaps , 2008, Inf. Secur. J. A Glob. Perspect..

[13]  Saad Haj Bakry Development of security policies for private networks , 2003 .

[14]  Hennie A. Kruger,et al.  Theorising on Information Cascades and Sequential Decision-making for Analysing Security Behaviour , 2019, ICISSP.

[15]  A. Haines,et al.  Making better use of research findings , 1998, BMJ.