Abstract
The Model of Influence in Cybersecurity with Frames unifies the current literature around influence and media effects in cybersecurity messaging. Building on the Process Model of Framing Research by Scheufele, this new model applies directly to the cybersecurity area and provides a macro-level view to further researcher understand of cybersecurity influence and provide options for intervention by organizational security professionals. This analysis included 42 documents concerning the work of influencing users to engage in secure behavior covering topics in persuasion, user interface design, equivalency framing, managing, and understanding user perceptions, and exploring user mental models regarding cybersecurity. This review also investigates the use of framing in cybersecurity and the definitions needed to contextualize and understand research in cybersecurity that uses framing. This model is intended as a starting point with which to build a larger understanding of cybersecurity communication to address human factors in cybersecurity.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Scheufele, D.: Framing as a theory of media effects. J. Commun. 49, 103–122 (1999). https://doi.org/10.1111/j.1460-2466.1999.tb02784.x
Cacciatore, M.A., Scheufele, D.A., Iyengar, S.: The end of framing as we know it … and the future of media effects. Mass Commun. Soc. 19(1), 7–23 (2016). https://doi.org/10.1080/15205436.2015.1068811
Scheufele, D.A., Tewksbury, D.: Framing, agenda setting, and priming: the evolution of three media effects models: models of media effects. J. Commun. 57(1), 9–20 (2007). https://doi.org/10.1111/j.0021-9916.2007.00326.x
Entman, R.M.: Framing: toward clarification of a fractured paradigm. J. Commun. 43(4), 51–58 (1993). https://doi.org/10.1111/j.1460-2466.1993.tb01304.x
Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review, MIS Q., 26(2), xiii–xxiii (2002)
Barlow, J.B., Warkentin, M., Ormond, D., Dennis, A.R.: Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Comput. Secur. 39, 145–159 (2013). https://doi.org/10.1016/j.cose.2013.05.006
Burns, A.J., Johnson, M.E., Caputo, D.D.: Spear phishing in a barrel: insights from a targeted phishing campaign. J. Organ. Comput. Electron. Commer. 29(1), 24–39 (2019). https://doi.org/10.1080/10919392.2019.1552745
Chen, J., Gates, C.S., Li, N., Proctor, R.W.: Influence of risk/safety information framing on android app-installation decisions. J. Cogn. Eng. Decis. Mak. 9(2), 149–168 (2015). https://doi.org/10.1177/1555343415570055
Das, S., Kramer, A.D.I., Dabbish, L.A., Hong, J.I.: Increasing security sensitivity with social proof: a large-scale experimental confirmation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, November 2014, pp. 739–749 (2014). http://doi.org/10.10/ggwmdd
Dennis, A.R., Minas, R.K.: Security on autopilot: why current security theories hijack our thinking and lead us astray. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 49, 15–38 (2018). http://doi.org/10.10/gdg2q3
Proctor, R.W., Chen, J.: The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Hum. Factors 57(5), 721–727 (2015)
Tversky, A., Kahneman, D.: The framing of decisions and the psychology of choice. Science 211(4481), 453–458 (1981). https://doi.org/10.1126/science.7455683
Johnston, A.C., et al.: Speak their language: designing effective messages to improve employees’ information security decision making. Decis. Sci. Atlanta 50(2), 245–284 (2019). https://doi.org/10.1111/deci.12328
Diesner, J., Kumaraguru, P., Carley, K.M.: Mental models of data privacy and security of indians extracted from texts. In: Conference Papers – International Communication Association, May 2005, pp. 1–13. http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip,uid&db=ufh&AN=18655489&site=ehost-live&scope=site. Accessed 10 July 2020
Laaksonen, A.E., Niemimaa, M., Harnesk, D.: Influences of frame incongruence on information security policy outcomes: an interpretive case study. Int. J. Soc. Organ. Dyn. IT 3(3), 33–50 (2014). https://doi.org/10.4018/ijsodit.2013070103
Qiu, C., Zhao, W., Jiang, J., Han, J.: A teaching model application in the course of information security. In: Proceedings of the 2011 Third International Workshop on Education Technology and Computer Science - volume 02, USA, March 2011, pp. 138–141. Accessed 10 July 2020
Raja, F., Hawkey, K., Hsu, S., Wang, K.-L.C., Beznosov, K.: A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, July 2011, pp. 1–20. http://doi.org/10.10/fxp2bp
Addae, J.H., Sun, X., Towey, D., Radenkovic, M.: Exploring user behavioral data for adaptive cybersecurity. User Model. User-Adapt. Interact. 29(3), 701–750 (2019). https://doi.org/10.1007/s11257-019-09236-5
Albrechtsen, E.: A qualitative study of users’ view on information security. Comput. Secur. 26(4), 276–289 (2007). https://doi.org/10.1016/j.cose.2006.11.004
Choong, Y.-Y.: A Cognitive-Behavioral Framework of User Password Management Lifecycle. In: Tryfonas, T., Askoxylakis, I. (eds.) Human Aspects of Information Security, Privacy, and Trust, vol. 8533, pp. 127–137. Springer, Cham (2014)
Hirshfield, L., et al.: The Role of Human Operators’ Suspicion in the Detection of Cyber Attacks, pp. 1482–1499 (2019)
Huang, D.-L., Rau, P.-L., Salvendy, G.: A Survey of Factors Influencing People’s Perception of Information Security. 2007, vol. 4553, pp. 906–915 (2007)
Lee, V.C.: Examining the Relationship between Autonomy, Competence, and Relatedness and Security Policy Compliant Behavior, Ph.D., Northcentral University, United States – Arizona (2015)
Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13(3), 319–340 (1989). https://doi.org/10.2307/249008
Busch, M., Patil, S., Regal, G., Hochleitner, C., Tscheligi, M.: Persuasive information security: techniques to help employees protect organizational information security. In: Proceedings of the 11th International Conference on Persuasive Technology - Volume 9638, Salzburg, Austria, pp. 339–351 (2016). http://doi.org/10.10/ggwmfr
Kankane, S., DiRusso, C., Buckley, C.: Can we nudge users toward better password management? an initial study. In: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, Montreal QC, Canada, pp. 1–6 (2018). http://doi.org/10.10/ggwmcz
Pope, M.B.: Time orientation, rational choice and deterrence – an information systems perspective, ProQuest Information & Learning (2014)
Weirich, D., Sasse, M.A.: Persuasive password security. In: CHI 2001 Extended Abstracts on Human Factors in Computing Systems, Seattle, Washington, March 2001, pp. 139–140 (2001). http://doi.org/10.10/fkhtkx
Zhang, C., Simon, J.C.: “Ted” Lee, “An Empirical Investigation of Decision Making in IT-Related Dilemmas: Impact of Positive and Negative Consequence Information,” J. Organ. End User Comput. Hershey, vol. 28, no. 4, p. 73 (2016). http://doi.org/10.10/f873bx
Jeske, D., Briggs, P., Coventry, L.: Exploring the relationship between impulsivity and decision-making on mobile devices. Pers. Ubiquitous Comput. 20(4), 545–557 (2016). https://doi.org/10.1007/s00779-016-0938-4
Kajzer, M., D’Arcy, J., Crowell, C.R., Striegel, A., Van Bruggen, D.: An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 43, 64–76 (2014). https://doi.org/10.1016/j.cose.2014.03.003
Li, Y., Zhang, N., Siponen, M.: Keeping secure to the end: a long-term perspective to understand employees’ consequence-delayed information security violation. Behav. Inf. Technol. 38(5), 435–453 (2019). https://doi.org/10.1080/0144929X.2018.1539519
Anderson, B.B., Jenkins, J.L., Vance, A., Kirwan, C.B., Eargle, D.: Your memory is working against you, Decis. Support Syst., 92, 3–13 (2016). http://doi.org/10.10/ggjc9b
Jenkins, J.L., Anderson, B.B., Vance, A., Kirwan, C.B., Eargle, D.: More harm than good? how messages that interrupt can make us vulnerable. Inf. Syst. Res. 27(4), 880–896 (2016). https://doi.org/10.1287/isre.2016.0644
Mathur, A.: A Human-Centered Approach to Improving The User Experience Of Software Updates, Thesis (2016). https://doi.org/10.13016/M2N220
Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33(3), 237–248 (2014)
Cuchta, T., et al.: Human risk factors in cybersecurity. In: Proceedings of the 20th Annual SIG Conference on Information Technology Education, Tacoma, WA, USA, September 2019, pp. 87–92 (2019). http://doi.org/10.10/ggwmch
Shaw, R.S., Chen, C.C., Harris, A.L., Huang, H.-J.: The impact of information richness on information security awareness training effectiveness. Comput. Educ. 52(1), 92–100 (2009). https://doi.org/10.1016/j.compedu.2008.06.011
Papadaki, K., Polemi, D.: Collaboration and knowledge sharing platform for supporting a risk management network of practice. In: 2008 Third International Conference on Internet and Web Applications and Services, June 2008, pp. 239–244 (2008). http://doi.org/10.10/d2rvcz
Smith, S.W.: Security and cognitive bias: exploring the role of the mind. IEEE Secur. Priv. 10(5), 75–78 (2012). https://doi.org/10.1109/MSP.2012.126
Briggs, P., Jeske, D., Coventry, L.: Behavior change interventions for cybersecurity. In: Little, L., Sillence, E., Joinson, A. (eds.) Behavior Change Research and Theory: Psychological and Technological Perspectives, San Diego, CA: Elsevier Academic Press, pp. 115–136 (2017)
de Bruijn, H., Janssen, M.: Building Cybersecurity Awareness: The need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017). https://doi.org/10.1016/j.giq.2017.02.007
Houston, N.: The impact of human behavior on cyber security. In: Khosrow-Pour, M. (ed.) Multigenerational Online Behavior and Media Use: Concepts, Methodologies, Tools, and Applications, Hershey, PA: Information Science Reference/IGI Global, 2019, pp. 1245–1266 (2019)
Liu, X.M.: The cyber acumen: an integrative framework to understand average users’ decision-making processes in cybersecurity. In: Yan, Z. (ed.) Analyzing Human Behavior in Cyberspace, Hershey, PA: Information Science Reference/IGI Global, 2019, pp. 192–208 (2019)
Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597–611 (2012). https://doi.org/10.1016/j.cose.2011.12.010
Tsohou, A., Karyda, M., Kokolakis, S.: Analyzing the role of cognitive and cultural biases in the internalization of information security policies. Comput. Secur., vol. 52, no. C, pp. 128–141, July 2015 (2015). http://doi.org/10.10/f82r6w
Williams, E.J., Beardmore, A., Joinson, A.N.: Individual differences in susceptibility to online influence: a theoretical review. Comput. Hum. Behav. 72, 412–421 (2017). https://doi.org/10.1016/j.chb.2017.03.002
Nelson, T.E., Clawson, R.A., Oxley, Z.M.: Media framing of a civil liberties conflict and its effect on tolerance. Am. Polit. Sci. Rev. 91(3), 567–583 (1997). https://doi.org/10.2307/2952075
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Romero-Masters, P. (2021). The Model of Influence in Cybersecurity with Frames. In: Toeppe, K., Yan, H., Chu, S.K.W. (eds) Diversity, Divergence, Dialogue. iConference 2021. Lecture Notes in Computer Science(), vol 12646. Springer, Cham. https://doi.org/10.1007/978-3-030-71305-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-71305-8_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71304-1
Online ISBN: 978-3-030-71305-8
eBook Packages: Computer ScienceComputer Science (R0)