SeBeST: Security Behavior Stage Model and Its Application to OS Update

To protect computers from various types of cyberattack, users are required to learn appropriate security behaviors. Different persuasion techniques to encourage users to take security behaviors are required according to user attitude toward security. In this paper, we first propose a Security Behavior Stage Model (SeBeST) which classifies users into five stages in terms of attitude toward security measurements; having security awareness and taking security behaviors. In addition, we focus on OS updating behaviors as an example of security behaviors and evaluated effective OS update messages for users in each stage. We create message dialogs which can promote user OS updating behaviors. We conduct two online surveys; we analyze the validity of SeBeST in Survey1 and then evaluate effective messages for each stage in Survey2. We find that SeBeST has high validity and appropriate messages for the users in each stage differ from one another.