ABSTRACT
Understanding human behavior is integral to the study of cybersecurity. Without a human actor, virtually all cybersecurity issues would be nonexistent. Within computer science and engineering, human factor psychology is the most common psychological subfield used to solve problems. Human factor psychology is a scientific discipline that studies how people interact with machines and technology to guide the design of products, systems, and devices that are used every day, most often focusing on performance and safety. Sometimes human-factor psychology is referred to as ergonomics or human engineering. We extend this human-factor psychology focus to include behavioral science generally and personality psychology more specifically to develop theoretical and methodological formulations to solve cybersecurity problems. Personality psychology offers a theoretical and methodological approach that is complementary to human-factor psychology as an integral element of cybersecurity. The purpose of this chapter is to describe dimensions of human personality to advance the argument that a personality analytic approach to behavioral cybersecurity that centers on understanding the attacker's personality can inform defender decision-making in developing a defense strategy. Personality psychology provides a robust theoretical framework for describing differences in individual behavior, while also offering an integrative conceptual framework for understanding the whole person.
