International Journal of Networking and Computing

Information security measures have become increasingly important not only for companies but also for individuals in recent years. For this reason, many information security measures have been taken. However, if information security is overly complicated, ICT users may get overwhelmed. Although research on information security fatigue is being conducted, currently it is not enough. In particular, research from a psychological point of view is lacking. Examples of psychological measures include cognitive strategies that are classified as behavioral models. There are various cognitive strategies, but research into particular countermeasures against information security fatigue has not been sufficiently explored. In this work, we propose new measures based on psychological viewpoints. Specifically, these are information security fatigue countermeasures that introduce a cognitive strategy. We conducted a questionnaire survey on cognitive strategies and information security fatigue, analyzed the results, and classified them into 24 levels, consisting of six levels of the information security fatigue scale multiplied by four levels of cognitive strategies. Then, for each of these 24 levels, a new information security fatigue measure was proposed and evaluated on the basis of the free responses of the questionnaire survey. The results indicated that appropriate information security fatigue countermeasures according to human behavior patterns based on cognitive strategies and the information security fatigue scale are possible.

Cognitive Strategy; Information Security Fatigue; Security Policy; Security Countermeasures