The role of a stress model in the development of information security culture

The process of building information security is based on three controls. Technical and formal control ensures relatively quick results but its life cycle isn´t very long. Informal control focuses on the person resulting in rather long implementation periods. Successful implementation should lead to the information security culture. In this process, the user is expected to change his behavior according to specified rules and in order to achieve this the user must invest significant efforts. In order to ease this effort, one should find some motivating factors, which influence positively such situations. Moreover, a better understanding of the process occurring during the interaction of the user and the environment is important. If one takes into consideration the fact that the user in his everyday activities uses certain processes which facilitate the performance of his tasks, then the demand to change his attitudes will not be seen positively. Such a situation is very stressful for the user and will be explained using the stress model. The attitude the user adopts in such situations will finally influence the development of the information security culture. In order for this process to be successful, the user should see (or have the attitude) the demands as challenges rather than threats. This attitude depends on the personal characteristics of the user. One of them is self-efficiency. By using the methods which increase confidence in self-efficiency, one is helping the user in his efforts to modify his behaviors.