Human factors are implicated in most security (and safety) problems, a ubiquitous aspect being erosion of compliance. We discuss several theories of the role of human factors and present system dynamic models based on the theoretical paradigm of instrumental conditioning (the behavioral regulation theory). The proposed mechanism involves learning - both adequate and inadequate, 'superstitious' learning - and it conforms to basic facts of human character (propensity to misperceive risk, biological roots of instrumental conditioning). Our generic models are able to render generic reference behavior. Also, they suggest possible reasons for why technological advances paradoxically may worsen human compliance. The concept of the behavioral bliss point - immanent to the behavioral regulation theory - makes the learning aspect an inseparable companion to different mechanisms promoting erosion of compliance (such as throughput/security priority conflicts, mismatch between organizational and personal goal, etc). To counteract erosion of compliance we suggest policies involving educational and social interventions.
展开▼