Understanding the impact of time pressure on human cybersecurity behavior

Chowdhury, Mohammad Noman H.

Title: Understanding the impact of time pressure on human cybersecurity behavior
Creator: Chowdhury, Mohammad Noman H.
Relation: University of Newcastle Research Higher Degree Thesis
Resource Type: thesis
Date: 2021
Description: Research Doctorate - Doctor of Philosophy (PhD)
Description: Introduction: In cybersecurity, human non-secure behavior and human error are consistently cited as significant causes behind cyber incidents. One of the factors that influences our behavior with regards to cybersecurity is time pressure. Lack of understanding in this regard will only weaken the human firewall, impairing our efforts to secure cyber assets from cyber incidents/attacks. However, research on understanding the impact of time pressure is scant. This thesis is therefore intended to address this gap. Objective: This research is targeted to expand our theoretical and practical understanding of how direct and indirect sources of time pressure (e.g., language cues in phishing emails, work-related stress) can weaken the human firewall and trigger insecure cybersecurity behavior. Methods and results: Systematic Literature Review. We first carried out a systematic literature review (SLR) in order to understand the current body of knowledge on how time pressure affects or induces human cybersecurity (HCS) behavior. Using synthesized dimensions, we established the first comprehensive theoretical framework for how time pressure affects human cybersecurity behavior (page v, publication 1, ‘A’ ranked journal). Qualitative study. Following this, in order to validate and expand our initial theoretical framework, we conducted the first comprehensive qualitative study on this matter, involving semi-structured interviews with 15 cybersecurity experts and 20 non-security professionals and private users. In this work, in addition to contributing to theoretical understanding, we also investigated specific countermeasures to facilitate secure behavior under time pressure (page v, publication 3, ‘A’ ranked journal). A peer-reviewed paper on this matter was also presented at the 26th International Conference on Systems Engineering (ICSEng) organized by IEEE and ii held in Sydney in 2018 (page v, publication 2). Most importantly, we identified 13 cybersecurity measures (CSMs) and categorized them into four broad classes, namely, Technical, Operational, Physical and Human CSMs. Quantitative study: We then conducted a survey involving 208 participants in order to understand the extent to which the countermeasures are perceived to be effective and how user characteristics influence the perceived effectiveness of countermeasures (PCSME). The knowledge created in this work will be critical to informing the development of targeted training and intervention programs to facilitate secure behavior with regards to IT assets (page v, publication (in progress) 4). The findings of this study show that organizational policies and technical means should be further augmented by integrating other operational, human, and physical CSMs. The study also analyzes how different psychological constructs impact perceived CSM effectiveness. Through these findings the study contributes to guiding practitioners and researchers in designing more effective cybersecurity strategies in time pressure contexts. Content analysis: As the final part of his thesis, we conducted a content analysis of cybersecurity standards and policies from government, non-government and business organizations across Australia in order to understand the extent to which time pressure is addressed in those documents. In our analysis we identified the sources and effects of time pressure in industry, threats, organizations and individual user level. The findings of this study will inform and guide policy makers and technologists in how to incorporate information in cybersecurity documents that specifies and drives cybersecurity behavior under time pressure in more rigorous ways and at the operational level (page v, publication (in progress) 5).
Subject: time pressure; cybersecurity behaviour
Identifier: http://hdl.handle.net/1959.13/1438998
Identifier: uon:40791
Language: eng
Full Text

Hits: 401
Visitors: 833
Downloads: 496

		Thumbnail	File	Description	Size	Format
View Details Download			ATTACHMENT01	Thesis	5 MB	Adobe Acrobat PDF	View Details Download
View Details Download			ATTACHMENT02	Abstract	490 KB	Adobe Acrobat PDF	View Details Download