The purpose of this study is to perform an exploratory investigation into the feasibility of behavioural threshold analysis as a possible aid in security awareness campaigns.
Generic behavioural threshold analysis is presented and then applied in the domain of information security by collecting data on the behavioural thresholds of individuals in a group setting and how the individuals influence each other when it comes to security behaviour.
Initial experimental results show that behavioural threshold analysis is feasible in the context of information security and may provide useful guidelines on how to construct information security awareness programmes.
Threshold analysis may contribute in a number of ways to information security, e.g. identification of security issues that are susceptible to peer pressure and easily influenced by peer behaviour; serve as a countermeasure against security fatigue; contribute to the economics of information security awareness programmes; track progress of security awareness campaigns; and provide a new measure for determining the importance of security awareness issues.
This paper describes the very first experiment to test the behavioural threshold analysis concepts in the context of information security.
