Skip to main content
SpringerLink
Log in

The Model of Influence in Cybersecurity with Frames

  • Conference paper
  • First Online:
Diversity, Divergence, Dialogue (iConference 2021)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12646))

Included in the following conference series:

  • 1555 Accesses

Abstract

The Model of Influence in Cybersecurity with Frames unifies the current literature around influence and media effects in cybersecurity messaging. Building on the Process Model of Framing Research by Scheufele, this new model applies directly to the cybersecurity area and provides a macro-level view to further researcher understand of cybersecurity influence and provide options for intervention by organizational security professionals. This analysis included 42 documents concerning the work of influencing users to engage in secure behavior covering topics in persuasion, user interface design, equivalency framing, managing, and understanding user perceptions, and exploring user mental models regarding cybersecurity. This review also investigates the use of framing in cybersecurity and the definitions needed to contextualize and understand research in cybersecurity that uses framing. This model is intended as a starting point with which to build a larger understanding of cybersecurity communication to address human factors in cybersecurity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Scheufele, D.: Framing as a theory of media effects. J. Commun. 49, 103–122 (1999). https://doi.org/10.1111/j.1460-2466.1999.tb02784.x

    Article  Google Scholar 

  2. Cacciatore, M.A., Scheufele, D.A., Iyengar, S.: The end of framing as we know it … and the future of media effects. Mass Commun. Soc. 19(1), 7–23 (2016). https://doi.org/10.1080/15205436.2015.1068811

    Article  Google Scholar 

  3. Scheufele, D.A., Tewksbury, D.: Framing, agenda setting, and priming: the evolution of three media effects models: models of media effects. J. Commun. 57(1), 9–20 (2007). https://doi.org/10.1111/j.0021-9916.2007.00326.x

    Article  Google Scholar 

  4. Entman, R.M.: Framing: toward clarification of a fractured paradigm. J. Commun. 43(4), 51–58 (1993). https://doi.org/10.1111/j.1460-2466.1993.tb01304.x

    Article  Google Scholar 

  5. Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review, MIS Q., 26(2), xiii–xxiii (2002)

    Google Scholar 

  6. Barlow, J.B., Warkentin, M., Ormond, D., Dennis, A.R.: Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Comput. Secur. 39, 145–159 (2013). https://doi.org/10.1016/j.cose.2013.05.006

    Article  Google Scholar 

  7. Burns, A.J., Johnson, M.E., Caputo, D.D.: Spear phishing in a barrel: insights from a targeted phishing campaign. J. Organ. Comput. Electron. Commer. 29(1), 24–39 (2019). https://doi.org/10.1080/10919392.2019.1552745

    Article  Google Scholar 

  8. Chen, J., Gates, C.S., Li, N., Proctor, R.W.: Influence of risk/safety information framing on android app-installation decisions. J. Cogn. Eng. Decis. Mak. 9(2), 149–168 (2015). https://doi.org/10.1177/1555343415570055

    Article  Google Scholar 

  9. Das, S., Kramer, A.D.I., Dabbish, L.A., Hong, J.I.: Increasing security sensitivity with social proof: a large-scale experimental confirmation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, November 2014, pp. 739–749 (2014). http://doi.org/10.10/ggwmdd

  10. Dennis, A.R., Minas, R.K.: Security on autopilot: why current security theories hijack our thinking and lead us astray. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 49, 15–38 (2018). http://doi.org/10.10/gdg2q3

  11. Proctor, R.W., Chen, J.: The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Hum. Factors 57(5), 721–727 (2015)

    Article  Google Scholar 

  12. Tversky, A., Kahneman, D.: The framing of decisions and the psychology of choice. Science 211(4481), 453–458 (1981). https://doi.org/10.1126/science.7455683

    Article  MathSciNet  Google Scholar 

  13. Johnston, A.C., et al.: Speak their language: designing effective messages to improve employees’ information security decision making. Decis. Sci. Atlanta 50(2), 245–284 (2019). https://doi.org/10.1111/deci.12328

    Article  Google Scholar 

  14. Diesner, J., Kumaraguru, P., Carley, K.M.: Mental models of data privacy and security of indians extracted from texts. In: Conference Papers – International Communication Association, May 2005, pp. 1–13. http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip,uid&db=ufh&AN=18655489&site=ehost-live&scope=site. Accessed 10 July 2020

  15. Laaksonen, A.E., Niemimaa, M., Harnesk, D.: Influences of frame incongruence on information security policy outcomes: an interpretive case study. Int. J. Soc. Organ. Dyn. IT 3(3), 33–50 (2014). https://doi.org/10.4018/ijsodit.2013070103

    Google Scholar 

  16. Qiu, C., Zhao, W., Jiang, J., Han, J.: A teaching model application in the course of information security. In: Proceedings of the 2011 Third International Workshop on Education Technology and Computer Science - volume 02, USA, March 2011, pp. 138–141. Accessed 10 July 2020

    Google Scholar 

  17. Raja, F., Hawkey, K., Hsu, S., Wang, K.-L.C., Beznosov, K.: A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, July 2011, pp. 1–20. http://doi.org/10.10/fxp2bp

  18. Addae, J.H., Sun, X., Towey, D., Radenkovic, M.: Exploring user behavioral data for adaptive cybersecurity. User Model. User-Adapt. Interact. 29(3), 701–750 (2019). https://doi.org/10.1007/s11257-019-09236-5

    Article  Google Scholar 

  19. Albrechtsen, E.: A qualitative study of users’ view on information security. Comput. Secur. 26(4), 276–289 (2007). https://doi.org/10.1016/j.cose.2006.11.004

    Article  Google Scholar 

  20. Choong, Y.-Y.: A Cognitive-Behavioral Framework of User Password Management Lifecycle. In: Tryfonas, T., Askoxylakis, I. (eds.) Human Aspects of Information Security, Privacy, and Trust, vol. 8533, pp. 127–137. Springer, Cham (2014)

    Chapter  Google Scholar 

  21. Hirshfield, L., et al.: The Role of Human Operators’ Suspicion in the Detection of Cyber Attacks, pp. 1482–1499 (2019)

    Google Scholar 

  22. Huang, D.-L., Rau, P.-L., Salvendy, G.: A Survey of Factors Influencing People’s Perception of Information Security. 2007, vol. 4553, pp. 906–915 (2007)

    Google Scholar 

  23. Lee, V.C.: Examining the Relationship between Autonomy, Competence, and Relatedness and Security Policy Compliant Behavior, Ph.D., Northcentral University, United States – Arizona (2015)

    Google Scholar 

  24. Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13(3), 319–340 (1989). https://doi.org/10.2307/249008

    Article  Google Scholar 

  25. Busch, M., Patil, S., Regal, G., Hochleitner, C., Tscheligi, M.: Persuasive information security: techniques to help employees protect organizational information security. In: Proceedings of the 11th International Conference on Persuasive Technology - Volume 9638, Salzburg, Austria, pp. 339–351 (2016). http://doi.org/10.10/ggwmfr

  26. Kankane, S., DiRusso, C., Buckley, C.: Can we nudge users toward better password management? an initial study. In: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, Montreal QC, Canada, pp. 1–6 (2018). http://doi.org/10.10/ggwmcz

  27. Pope, M.B.: Time orientation, rational choice and deterrence – an information systems perspective, ProQuest Information & Learning (2014)

    Google Scholar 

  28. Weirich, D., Sasse, M.A.: Persuasive password security. In: CHI 2001 Extended Abstracts on Human Factors in Computing Systems, Seattle, Washington, March 2001, pp. 139–140 (2001). http://doi.org/10.10/fkhtkx

  29. Zhang, C., Simon, J.C.: “Ted” Lee, “An Empirical Investigation of Decision Making in IT-Related Dilemmas: Impact of Positive and Negative Consequence Information,” J. Organ. End User Comput. Hershey, vol. 28, no. 4, p. 73 (2016). http://doi.org/10.10/f873bx

  30. Jeske, D., Briggs, P., Coventry, L.: Exploring the relationship between impulsivity and decision-making on mobile devices. Pers. Ubiquitous Comput. 20(4), 545–557 (2016). https://doi.org/10.1007/s00779-016-0938-4

    Article  Google Scholar 

  31. Kajzer, M., D’Arcy, J., Crowell, C.R., Striegel, A., Van Bruggen, D.: An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 43, 64–76 (2014). https://doi.org/10.1016/j.cose.2014.03.003

    Article  Google Scholar 

  32. Li, Y., Zhang, N., Siponen, M.: Keeping secure to the end: a long-term perspective to understand employees’ consequence-delayed information security violation. Behav. Inf. Technol. 38(5), 435–453 (2019). https://doi.org/10.1080/0144929X.2018.1539519

    Article  Google Scholar 

  33. Anderson, B.B., Jenkins, J.L., Vance, A., Kirwan, C.B., Eargle, D.: Your memory is working against you, Decis. Support Syst., 92, 3–13 (2016). http://doi.org/10.10/ggjc9b

  34. Jenkins, J.L., Anderson, B.B., Vance, A., Kirwan, C.B., Eargle, D.: More harm than good? how messages that interrupt can make us vulnerable. Inf. Syst. Res. 27(4), 880–896 (2016). https://doi.org/10.1287/isre.2016.0644

    Article  Google Scholar 

  35. Mathur, A.: A Human-Centered Approach to Improving The User Experience Of Software Updates, Thesis (2016). https://doi.org/10.13016/M2N220

  36. Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33(3), 237–248 (2014)

    Article  MathSciNet  Google Scholar 

  37. Cuchta, T., et al.: Human risk factors in cybersecurity. In: Proceedings of the 20th Annual SIG Conference on Information Technology Education, Tacoma, WA, USA, September 2019, pp. 87–92 (2019). http://doi.org/10.10/ggwmch

  38. Shaw, R.S., Chen, C.C., Harris, A.L., Huang, H.-J.: The impact of information richness on information security awareness training effectiveness. Comput. Educ. 52(1), 92–100 (2009). https://doi.org/10.1016/j.compedu.2008.06.011

    Article  Google Scholar 

  39. Papadaki, K., Polemi, D.: Collaboration and knowledge sharing platform for supporting a risk management network of practice. In: 2008 Third International Conference on Internet and Web Applications and Services, June 2008, pp. 239–244 (2008). http://doi.org/10.10/d2rvcz

  40. Smith, S.W.: Security and cognitive bias: exploring the role of the mind. IEEE Secur. Priv. 10(5), 75–78 (2012). https://doi.org/10.1109/MSP.2012.126

    Article  Google Scholar 

  41. Briggs, P., Jeske, D., Coventry, L.: Behavior change interventions for cybersecurity. In: Little, L., Sillence, E., Joinson, A. (eds.) Behavior Change Research and Theory: Psychological and Technological Perspectives, San Diego, CA: Elsevier Academic Press, pp. 115–136 (2017)

    Google Scholar 

  42. de Bruijn, H., Janssen, M.: Building Cybersecurity Awareness: The need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017). https://doi.org/10.1016/j.giq.2017.02.007

    Article  Google Scholar 

  43. Houston, N.: The impact of human behavior on cyber security. In: Khosrow-Pour, M. (ed.) Multigenerational Online Behavior and Media Use: Concepts, Methodologies, Tools, and Applications, Hershey, PA: Information Science Reference/IGI Global, 2019, pp. 1245–1266 (2019)

    Google Scholar 

  44. Liu, X.M.: The cyber acumen: an integrative framework to understand average users’ decision-making processes in cybersecurity. In: Yan, Z. (ed.) Analyzing Human Behavior in Cyberspace, Hershey, PA: Information Science Reference/IGI Global, 2019, pp. 192–208 (2019)

    Google Scholar 

  45. Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597–611 (2012). https://doi.org/10.1016/j.cose.2011.12.010

    Article  Google Scholar 

  46. Tsohou, A., Karyda, M., Kokolakis, S.: Analyzing the role of cognitive and cultural biases in the internalization of information security policies. Comput. Secur., vol. 52, no. C, pp. 128–141, July 2015 (2015). http://doi.org/10.10/f82r6w

  47. Williams, E.J., Beardmore, A., Joinson, A.N.: Individual differences in susceptibility to online influence: a theoretical review. Comput. Hum. Behav. 72, 412–421 (2017). https://doi.org/10.1016/j.chb.2017.03.002

    Article  Google Scholar 

  48. Nelson, T.E., Clawson, R.A., Oxley, Z.M.: Media framing of a civil liberties conflict and its effect on tolerance. Am. Polit. Sci. Rev. 91(3), 567–583 (1997). https://doi.org/10.2307/2952075

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Wisconsin, Madison, WI, 53706, USA

    Philip Romero-Masters

Authors
  1. Philip Romero-Masters
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philip Romero-Masters .

Editor information

Editors and Affiliations

  1. Humboldt University of Berlin, Berlin, Germany

    Katharina Toeppe

  2. Renmin University of China, Beijing, China

    Hui Yan

  3. The University of Hong Kong, Hong Kong, Hong Kong

    Samuel Kai Wah Chu

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Romero-Masters, P. (2021). The Model of Influence in Cybersecurity with Frames. In: Toeppe, K., Yan, H., Chu, S.K.W. (eds) Diversity, Divergence, Dialogue. iConference 2021. Lecture Notes in Computer Science(), vol 12646. Springer, Cham. https://doi.org/10.1007/978-3-030-71305-8_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-71305-8_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71304-1

  • Online ISBN: 978-3-030-71305-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation