00568nas a2200157 4500008004100000245007500041210006900116260000900185653001500194653000800209100002000217700001900237700001800256700002400274856011200298 2021 eng d00aMachine Learning and Survey-based Predictors of InfoSec Non-Compliance0 aMachine Learning and Surveybased Predictors of InfoSec NonCompli c202110aAccounting10aBIS1 aMarshall, Byron1 aCurry, Michael1 aCorreia, John1 aCrossler, Robert, E u/biblio/machine-learning-and-survey-based-predictors-infosec-non-compliance02597nas a2200193 4500008004100000245007500041210006900116260000900185300000900194490000700203520197500210653001502185653000802200100002002208700001902228700001802247700002402265856011402289 2021 eng d00aMachine Learning and Survey-based Predictors of InfoSec Non-Compliance0 aMachine Learning and Surveybased Predictors of InfoSec NonCompli c2021 a1-200 v133 aSurvey items developed in behavioral Information Security (InfoSec) research should be practically useful in identifying individuals who are likely to create risk by failing to comply with InfoSec guidance. The literature shows that attitudes, beliefs, and perceptions drive compliance behavior and has influenced the creation of a multitude of training programs focused on improving ones’ InfoSec behaviors. While automated controls and directly observable technical indicators are generally preferred by InfoSec practitioners, difficult-to-monitor user actions can still compromise the effectiveness of automatic controls. For example, despite prohibition, doubtful or skeptical employees often increase organizational risk by using the same password to authenticate corporate and external services. Analysis of network traffic or device configurations is unlikely to provide evidence of these vulnerabilities but responses to well-designed surveys might. Guided by the relatively new IPAM model, this study administered 96 survey items from the Behavioral InfoSec literature, across three separate points in time, to 217 respondents. Using systematic feature selection techniques, manageable subsets of 29, 20, and 15 items were identified and tested as predictors of non-compliance with security policy. The feature selection process validates IPAM's innovation in using nuanced self-efficacy and planning items across multiple time frames. Prediction models were trained using several ML algorithms. Practically useful levels of prediction accuracy were achieved with, for example, ensemble tree models identifying 69% of the riskiest individuals within the top 25% of the sample. The findings indicate the usefulness of psychometric items from the behavioral InfoSec in guiding training programs and other cybersecurity control activities and demonstrate that they are promising as additional inputs to AI models that monitor networks for security events.10aAccounting10aBIS1 aMarshall, Byron1 aCurry, Michael1 aCorreia, John1 aCrossler, Robert, E u/biblio/machine-learning-and-survey-based-predictors-infosec-non-compliance-001598nas a2200157 4500008004100000245013000041210006900171260000900240520106500249653001501314653000801329100001901337700002001356700002401376856004001400 2019 eng d00aIdentifying potentially risky insider on-compliance using machine learning to assess multiple protection motivation behaviors0 aIdentifying potentially risky insider oncompliance using machine c20193 aCybersecurity researchers have made significant steps to understand the mechanisms of security policy compliance and unify theories of security behavior. However, due partly to the limitations of traditional variance model statistical methods, these studies by necessity typically focus on a single security policy issue. By contrast, new machine learning algorithms frequently employed by data scientists offer great promise as a new statistical approach for examining robust individualized interpretations of policy and can also identify potentially risky behaviors. This study proposes to explore cybersecurity training impediments of multiple protection motivation behaviors in ransomware prevention training. It demonstrates the feasibility of using machine learning with survey items from the cybersecurity research to predict non-compliance. It also illustrates a potentially novel method to statistically validate research theory through higher levels of ML prediction. This study is a work in progress and we seek feedback on its design and relevance.10aAccounting10aBIS1 aCurry, Michael1 aMarshall, Byron1 aCrossler, Robert, E uhttps://aisel.aisnet.org/wisp2019/101681nas a2200193 4500008004100000245008400041210006900125260000900194300001200203490000700215520112200222653001501344653000801359100001901367700002001386700001801406700002401424856003901448 2019 eng d00aInfoSec Process Action Model (IPAM): Targeting Insider's Weak Password Behavior0 aInfoSec Process Action Model IPAM Targeting Insiders Weak Passwo c2019 a201-2250 v333 aThe possibility of noncompliant behavior is a challenge for cybersecurity professionals and their auditors as they try to estimate residual control risk. Building on the recently proposed InfoSec Process Action Model (IPAM), this work explores how nontechnical assessments and interventions can indicate and reduce the likelihood of risky individual behavior. The multi-stage approach seeks to bridge the well-known gap between intent and action. In a strong password creation experiment involving 229 participants, IPAM constructs resulted in a marked increase in R2 for initiating compliance behavior with control expectations from 47 percent to 60 percent. Importantly, the model constructs offer measurable indications despite practical limitations on organizations' ability to assess problematic individual password behavior. A threefold increase in one measure of strong password behavior suggested the process positively impacted individual cybersecurity behavior. The results suggest that the process-nuanced IPAM approach is promising both for assessing and impacting security compliance behavior.10aAccounting10aBIS1 aCurry, Michael1 aMarshall, Byron1 aCorreia, John1 aCrossler, Robert, E uhttps://doi.org/10.2308/isys-5238102095nas a2200181 4500008004100000245009600041210006900137260000900206490000700215520144300222653001501665653000801680100001901688700002001707700002401727700001801751856014401769 2018 eng d00aInfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior0 aInfoSec Process Action Model IPAM Systematically Addressing Indi c20180 v493 aWhile much of the extant InfoSec research relies on single assessment models that predict intent to act, this article proposes a multi-stage InfoSec Process Action Model (IPAM) that can positively change individual InfoSec behavior. We believe that this model will allow InfoSec researchers to focus more directly on the process which leads to action and develop better interventions that address problematic security behaviors. Building on successful healthcare efforts which resulted in smoking cessation, regular exercise and a healthier diet, among others, IPAM is a hybrid, predictive, process approach to behavioral InfoSec improvement. IPAM formulates the motivational antecedents of intent as separate from the volitional drivers of behavior. Singular fear appeals often seen in InfoSec research are replaced by more nuanced treatments appropriately differentiated to support behavioral change as part of a process; phase-appropriate measures of self-efficacy are employed to more usefully assess the likelihood that a participant will act on good intentions; and decisional balance –assessment of pro and con perceptions – is monitored over time. These notions better align InfoSec research to both leading security practice and to successful comparators in healthcare. We believe IPAM can both help InfoSec research models better explain actual behavior and better inform practical security-behavior improvement initiatives.10aAccounting10aBIS1 aCurry, Michael1 aMarshall, Byron1 aCrossler, Robert, E1 aCorreia, John uhttps://www.researchgate.net/publication/321138048_InfoSec_Process_Action_Model_IPAM_Systematically_Addressing_Individual_Security_Behavior