The Proposed Framework, Information Security Human Factor Framework

1296 Words6 Pages
The proposed framework, Information Security Human factor framework has two dimensions; organization & employee dimensions. Each dimension has two domains, under the organization dimension there is environment and management domains. Environment domain relates to cultural and regulation issues while the management domain is concerned with mainly security policies and practice of information security. The next dimension is the employee dimension. Preparedness and responsibility domains are included in this dimension. Preparedness is concerned with security, education, training and awareness while the responsibility domain is concerned with mainly employee practice and performance. Figure 2

The proposed framework considers the SCT and previous other research of human factors in information security. From the proposed Information Security human factor framework, domains of the proposed framework relate to the SCT factors in a couple of ways. Firstly, the SCT environmental factors relate to environment and management domains (Organization dimension) of the proposed framework. Secondly, SCT’s cognitive and behavioral factors are in relation with the employee dimension of the proposed framework.
The proposed framework is further enhanced by mapping factors considered in previous studies thus identifying subdomains of the four main domains (environment, responsibility, management, preparedness). The below table lists the domain, human factors and previous studies that
Open Document