InfoSec Process Action Model (IPAM): Targeting Insiders' Weak Password Behavior

What is it about?

An experiment implementing the recently-proposed InfoSec Process Action Model (IPAM) results in risk level assessments for personal security behavior. Effective internal controls for security risks that are relevant to financial statement and internal control audits often rely on difficult-to-measure individual behavior. IPAM's multi-phased processed-nuanced approach employs non-technical indicators focusing on likelihood of behavior rather than merely intention to comply. The findings validate components of the IPAM model which have not been previously tested in the cybersecurity domain and provide insights for both researchers seeking to understand drivers of security compliance behavior and practitioners who want to develop effective security programs and assess residual control risk.

Featured Image