An Instrument to Measure Human Behavior Toward Cyber Security Policies

Khalid Adnan Alissa; Hanan Abdullah Alshehri; Shahad Abdulaziz Dahdouh; Basstaa Mohammad Alsubaie; Afnan Mohammed Alghamdi; Abdulrahman Alharby; Norah Ahmed Almubairik

doi:10.1109/NCG.2018.8592978

An Instrument to Measure Human Behavior Toward Cyber Security Policies

Khalid Adnan Alissa
, Hanan Abdullah Alshehri
, Shahad Abdulaziz Dahdouh
, Basstaa Mohammad Alsubaie
, Afnan Mohammed Alghamdi
, Abdulrahman Alharby
, Norah Ahmed Almubairik

Networks and Communications Department

Imam Abdulrahman Bin Faisal University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

Human is the weakest link in information security. Even with strong cyber security policies an organization can still be hacked because of a human error. Even if people are aware of the policies and their importance they might not behave accordingly. This shows to the importance of studying and measuring human behavior toward cyber security policies. This paper introduces a new instrument that can be used to measure human behavior toward cybersecurity policies through creative measures. The goal is to gather data about human behaviors toward cybersecurity policies in natural environment. This method of gathering information allows people to behave normally and don't feel the need to answer perfectly. The paper illustrates all the previous work related to the subject, summarizing previous work in order to improve what have been previously done. The methodology seeks on measuring behavior based on specific measures. These measures are the password, email, identity, sensitive data, and physical/resource security. Each measure has a number of policies used to measure behavior. These policies were selected among several policies based on literature from the same field and the opinion of experts in the field. These question that went through several rounds of check were used to build the proposedinstrument. This instrument then shall be used by researchers to collect data and perform the required analysis. This paper discusses the behavior pattern in a detail and concise manner. The paper demonstrates that it is posable to measure behavior if the right we questions were asked in the right way.

Original language	English
Title of host publication	21st Saudi Computer Society National Computer Conference, NCC 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781538641095
DOIs	https://doi.org/10.1109/NCG.2018.8592978
State	Published - 27 Dec 2018
Event	21st Saudi Computer Society National Computer Conference, NCC 2018 - Riyadh, Saudi Arabia Duration: 25 Apr 2018 → 26 Apr 2018

Publication series

Name	21st Saudi Computer Society National Computer Conference, NCC 2018

Conference

Conference	21st Saudi Computer Society National Computer Conference, NCC 2018
Country/Territory	Saudi Arabia
City	Riyadh
Period	25/04/18 → 26/04/18

Keywords

component
Cyber security policies
Gamification
Human behavior
Information system policie
Masuerment instrument

Access to Document

10.1109/NCG.2018.8592978

Cite this

Alissa, K. A., Alshehri, H. A., Dahdouh, S. A., Alsubaie, B. M., Alghamdi, A. M., Alharby, A., & Almubairik, N. A. (2018). An Instrument to Measure Human Behavior Toward Cyber Security Policies. In 21st Saudi Computer Society National Computer Conference, NCC 2018 Article 8592978 (21st Saudi Computer Society National Computer Conference, NCC 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/NCG.2018.8592978

@inproceedings{8b6329b3bc72463cbe735625ffca34a3,

title = "An Instrument to Measure Human Behavior Toward Cyber Security Policies",

abstract = "Human is the weakest link in information security. Even with strong cyber security policies an organization can still be hacked because of a human error. Even if people are aware of the policies and their importance they might not behave accordingly. This shows to the importance of studying and measuring human behavior toward cyber security policies. This paper introduces a new instrument that can be used to measure human behavior toward cybersecurity policies through creative measures. The goal is to gather data about human behaviors toward cybersecurity policies in natural environment. This method of gathering information allows people to behave normally and don't feel the need to answer perfectly. The paper illustrates all the previous work related to the subject, summarizing previous work in order to improve what have been previously done. The methodology seeks on measuring behavior based on specific measures. These measures are the password, email, identity, sensitive data, and physical/resource security. Each measure has a number of policies used to measure behavior. These policies were selected among several policies based on literature from the same field and the opinion of experts in the field. These question that went through several rounds of check were used to build the proposedinstrument. This instrument then shall be used by researchers to collect data and perform the required analysis. This paper discusses the behavior pattern in a detail and concise manner. The paper demonstrates that it is posable to measure behavior if the right we questions were asked in the right way.",

keywords = "component, Cyber security policies, Gamification, Human behavior, Information system policie, Masuerment instrument",

author = "Alissa, \{Khalid Adnan\} and Alshehri, \{Hanan Abdullah\} and Dahdouh, \{Shahad Abdulaziz\} and Alsubaie, \{Basstaa Mohammad\} and Alghamdi, \{Afnan Mohammed\} and Abdulrahman Alharby and Almubairik, \{Norah Ahmed\}",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 21st Saudi Computer Society National Computer Conference, NCC 2018 ; Conference date: 25-04-2018 Through 26-04-2018",

year = "2018",

month = dec,

day = "27",

doi = "10.1109/NCG.2018.8592978",

language = "English",

series = "21st Saudi Computer Society National Computer Conference, NCC 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "21st Saudi Computer Society National Computer Conference, NCC 2018",

}

Alissa, KA, Alshehri, HA, Dahdouh, SA, Alsubaie, BM, Alghamdi, AM, Alharby, A & Almubairik, NA 2018, An Instrument to Measure Human Behavior Toward Cyber Security Policies. in 21st Saudi Computer Society National Computer Conference, NCC 2018., 8592978, 21st Saudi Computer Society National Computer Conference, NCC 2018, Institute of Electrical and Electronics Engineers Inc., 21st Saudi Computer Society National Computer Conference, NCC 2018, Riyadh, Saudi Arabia, 25/04/18. https://doi.org/10.1109/NCG.2018.8592978

An Instrument to Measure Human Behavior Toward Cyber Security Policies. / Alissa, Khalid Adnan; Alshehri, Hanan Abdullah; Dahdouh, Shahad Abdulaziz et al.
21st Saudi Computer Society National Computer Conference, NCC 2018. Institute of Electrical and Electronics Engineers Inc., 2018. 8592978 (21st Saudi Computer Society National Computer Conference, NCC 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Instrument to Measure Human Behavior Toward Cyber Security Policies

AU - Alissa, Khalid Adnan

AU - Alshehri, Hanan Abdullah

AU - Dahdouh, Shahad Abdulaziz

AU - Alsubaie, Basstaa Mohammad

AU - Alghamdi, Afnan Mohammed

AU - Alharby, Abdulrahman

AU - Almubairik, Norah Ahmed

PY - 2018/12/27

Y1 - 2018/12/27

N2 - Human is the weakest link in information security. Even with strong cyber security policies an organization can still be hacked because of a human error. Even if people are aware of the policies and their importance they might not behave accordingly. This shows to the importance of studying and measuring human behavior toward cyber security policies. This paper introduces a new instrument that can be used to measure human behavior toward cybersecurity policies through creative measures. The goal is to gather data about human behaviors toward cybersecurity policies in natural environment. This method of gathering information allows people to behave normally and don't feel the need to answer perfectly. The paper illustrates all the previous work related to the subject, summarizing previous work in order to improve what have been previously done. The methodology seeks on measuring behavior based on specific measures. These measures are the password, email, identity, sensitive data, and physical/resource security. Each measure has a number of policies used to measure behavior. These policies were selected among several policies based on literature from the same field and the opinion of experts in the field. These question that went through several rounds of check were used to build the proposedinstrument. This instrument then shall be used by researchers to collect data and perform the required analysis. This paper discusses the behavior pattern in a detail and concise manner. The paper demonstrates that it is posable to measure behavior if the right we questions were asked in the right way.

AB - Human is the weakest link in information security. Even with strong cyber security policies an organization can still be hacked because of a human error. Even if people are aware of the policies and their importance they might not behave accordingly. This shows to the importance of studying and measuring human behavior toward cyber security policies. This paper introduces a new instrument that can be used to measure human behavior toward cybersecurity policies through creative measures. The goal is to gather data about human behaviors toward cybersecurity policies in natural environment. This method of gathering information allows people to behave normally and don't feel the need to answer perfectly. The paper illustrates all the previous work related to the subject, summarizing previous work in order to improve what have been previously done. The methodology seeks on measuring behavior based on specific measures. These measures are the password, email, identity, sensitive data, and physical/resource security. Each measure has a number of policies used to measure behavior. These policies were selected among several policies based on literature from the same field and the opinion of experts in the field. These question that went through several rounds of check were used to build the proposedinstrument. This instrument then shall be used by researchers to collect data and perform the required analysis. This paper discusses the behavior pattern in a detail and concise manner. The paper demonstrates that it is posable to measure behavior if the right we questions were asked in the right way.

KW - component

KW - Cyber security policies

KW - Gamification

KW - Human behavior

KW - Information system policie

KW - Masuerment instrument

UR - https://www.scopus.com/pages/publications/85061484730

U2 - 10.1109/NCG.2018.8592978

DO - 10.1109/NCG.2018.8592978

M3 - Conference contribution

AN - SCOPUS:85061484730

T3 - 21st Saudi Computer Society National Computer Conference, NCC 2018

BT - 21st Saudi Computer Society National Computer Conference, NCC 2018

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 21st Saudi Computer Society National Computer Conference, NCC 2018

Y2 - 25 April 2018 through 26 April 2018

ER -

Alissa KA, Alshehri HA, Dahdouh SA, Alsubaie BM, Alghamdi AM, Alharby A et al. An Instrument to Measure Human Behavior Toward Cyber Security Policies. In 21st Saudi Computer Society National Computer Conference, NCC 2018. Institute of Electrical and Electronics Engineers Inc. 2018. 8592978. (21st Saudi Computer Society National Computer Conference, NCC 2018). doi: 10.1109/NCG.2018.8592978

An Instrument to Measure Human Behavior Toward Cyber Security Policies

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this