Information security depends not only on technology, but also on the awareness, knowledge and intentions of employees, customers, and others using information-based systems and networks. Recognizing the need to better understand the role of behavior, including the link between trust and risk reduction in furthering information security, I3P researchers are examining two categories of behavioral science findings: those that demonstrate a welcome effect on cybersecurity implementation and use, and those with a potential to have such an effect. The first involves identifying those findings and making them visible to cybersecurity Researchers and practitioners. The second involves confirming that those findings with potential have desired effects on cybersecurity behavior. To that end, project researchers are designing a set of empirical studies to test hypotheses to help illuminate the link between human behavior and cybersecurity risk.
