TitleInfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior
Publication TypeJournal Articles
Year of Publication2018
AuthorsCurry, M, Marshall, B, Crossler, RE, Correia, J
JournalData Base for Advances in Information Systems
Volume49
IssueSI
Date Published2018
KeywordsAccounting, BIS, MBA
Abstract

While much of the extant InfoSec research relies on single assessment models that predict intent to act,this article proposes a multi-stage InfoSec Process Action Model (IPAM) that can positively change
individual InfoSec behavior. We believe that this model will allow InfoSec researchers to focus more
directly on the process which leads to action and develop better interventions that address problematic
security behaviors. Building on successful healthcare efforts which resulted in smoking cessation, regular
exercise and a healthier diet, among others, IPAM is a hybrid, predictive, process approach to behavioral
InfoSec improvement. IPAM formulates the motivational antecedents of intent as separate from the
volitional drivers of behavior. Singular fear appeals often seen in InfoSec research are replaced by more
nuanced treatments appropriately differentiated to support behavioral change as part of a process;
phase-appropriate measures of self-efficacy are employed to more usefully assess the likelihood that a
participant will act on good intentions; and decisional balance –assessment of pro and con perceptions –
is monitored over time. These notions better align InfoSec research to both leading security practice and
to successful comparators in healthcare. We believe IPAM can both help InfoSec research models better
explain actual behavior and better inform practical security-behavior improvement initiatives.

URLhttps://www.researchgate.net/publication/321138048_InfoSec_Process_Action_Model_IPAM_Systematically_Addressing_Individual_Security_Behavior
Sort

a