Beyond Rational Information Security Decisions: An Alternate View
Abstract
Extant work has examined users' security behavior in both individual and organizational contexts by mainly applying theories that assume users' rationality. While this has enhanced our understanding of the conscious factors that underlie security behaviors, the assumption of conscious rationality bounds the theoretical lens. Addressing this limitation would facilitate expanding the knowledge ecology in the information security literature. Information security studies have started to recognize this assumption. To evaluate this milieu of disparate approaches, we conduct a preliminary literature review and identify several nonconscious factors that may shape security behaviors. In this ERF paper, we discuss herd behavior, cognitive biases, automatic cognition (also termed system 1 thinking), affect, risk homeostasis, and framing effects perception. We discuss future plans to develop a research framework that integrates the alternate nonconscious factors that may underlie security behavior, thereby providing a comprehensive alternate approach to studying behavioral information security.
Recommended Citation
Nehme, A., Warkentin, M., Jang, K., & Kim, S. (2022). Beyond Rational Information Security Decisions: An Alternate View. 28th Americas Conference on Information Systems, AMCIS 2022. Association for Information Systems.
Department(s)
Business and Information Technology
Keywords and Phrases
bounded rationality; Information security behavior; insider threat; nonconscious; protection motivation
International Standard Book Number (ISBN)
978-195820000-1
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2025 Association for Information Systems, All rights reserved.
Publication Date
01 Jan 2022
