Psihološka Obzorja (Dec 2022)

Theories and models in behavioral information security research

  • Špela Grilc,
  • Kaja Prislan,
  • Anže Mihelič

DOI
https://doi.org/10.20419/2022.31.568
Journal volume & issue
Vol. 31
pp. 602 – 622

Abstract

Read online

Behavioral information security is concerned with explaining the role of users in the information security system, drawing on various psychological, organizational, and criminological theories to explain and predict user behavior. Despite numerous systematic literature reviews on the field of information security, there is no comprehensive systematic review of the theories used in behavioral information security research. The purpose of this paper is to investigate which theories are most widely used in research, in which subject areas they are most used, which factors are most frequently included in research according to each set of theories, and which are most frequently statistically significant. Accordingly, we made two studies involving a systematic review of the literature over the past ten years. The findings suggest that the most used theories include the protection motivation theory and the theory of planned behavior. In these two theories, self-efficacy and perceived usefulness of the technology are factors, which are most often statistically significant in predicting self-protective behavior.

Keywords