Dissertation: Study helps to enhance information security by concentrating on three previously neglected human factors

Every day, we face an increasing number of complex cyber threats that frequently exploit human psychological weaknesses. From phishing attacks that manipulate individual psychology to ransomware that takes advantage of weak security awareness, human factors play a critical but unstable role in information security.
Tong Xin’s dissertation explores how human factors affect information security and how a deeper understanding of them might help fight human-related security problems. The dissertation concentrates on three often overlooked but important factors.
First, an individual's related experiences influence their threat perception and subsequent security actions. This broadens the traditional definition of prior experience to include not just direct encounters with threats but also individuals' reactions and the outcomes of those reactions.
“For example, if someone has combated malware on their phone, the actions they took and the results shape their future security behavior. Users who have successfully stopped, for example, a malware attack, are more likely to perceive similar future threats as severe and take proactive measures,” Xin explains.
The results suggest that organizations can enhance their information security training by emphasizing the importance of positive feedback and sharing success stories to boost employee confidence and proactive behaviors in handling cyber threats.
Secondly, Xin studies individuals' psychological constructions and fear appeal messages, and how these could be optimized for maximum impact on cybersecurity behavior.
Fear appeal messages are designed to motivate action by emphasizing the severe consequences of a risk. For example, a message might warn that failing to update antivirus software puts a person’s personal data at high risk of theft.
“The findings suggest that more concrete and closely related threat descriptions, like specific symptoms of a malware attack, make the threat seem more immediate and severe, increasing the likelihood of taking protective measures,” Xin says.
By using messages that are specific and relatable and that use first-person narratives, organizations encourage their employees to be more proactive in taking better security measures.
Thirdly, Xin studied emotion-focused coping strategies used in response to cybersecurity threats and how they affect security behaviors.
An individual's emotion-focused coping aims to reduce emotional distress rather than directly tackling the threat, and can include strategies such as avoidance, reactance, hopelessness, wishful thinking, and fatalism.
“For example, avoidance might involve using the same risky password despite known threats, while reactance could see an employee refusing mandated updates, viewing them as an infringement on autonomy,” Xin says.
Such strategies, particularly avoidance and fatalism, lead to decreased proactive security behaviors. According to Xin, individuals who are inclined to avoidance might be more likely to change their attitudes and adopt protective measures with proper guidance, whereas those who believe that information security risks cannot be mitigated need more effort to correct their biases.
In conclusion, Tong Xin's dissertation provides tools for understanding the human factor in information security more deeply. By considering human factors as central rather than peripheral, her work advocates for a more nuanced understanding of cybersecurity implementation and success.
“Looking ahead, expanding research to diverse demographic groups will further our understanding of how varied cultural and social backgrounds affect cybersecurity behaviors, leading to more precisely tailored and effective security interventions worldwide,” Xin sums up.
More information
Tong Xin defends her doctoral dissertation “Securing the Human Factor - Understanding the Role of Prior Experience, Mental Representations, and Coping Strategies in Behavioral Information Security”. The opponent is Professor Huigang Liang (University of Memphis) and the custos is Professor Heikki Karjaluoto (Ģֱ).
The language of the dissertation is English. The dissertation can be followed online or in the lecture hall.
Tong Xin
toxin891125@gmail.com