MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity

Abstract

Despite technical advancements, the human factor remains cybersecurity's most exploited vulnerability. Current research acknowledges this but remains fragmented, treating vulnerabilities as isolated, static traits. To address this, we introduce MORPHEUS, a holistic framework conceptualizing human-centric security as a dynamic, interconnected system. Grounded in the Cognition-Affect-Behavior (CAB) model and Attribution Theory, MORPHEUS consolidates 50 human factors influencing susceptibility to major cyberthreats (e.g., phishing, malware, password management, and misconfigurations). Beyond mere identification, the framework introduces a hierarchical Causal Pathway Architecture. Systematically mapping 302 empirical interactions (82.8% architecture-compliant), we reveal how cognitive, affective, and behavioral processes jointly shape security outcomes, distilling them into 12 recurring interaction mechanisms. MORPHEUS further links theory to practice through an inventory of 99 validated psychometric instruments for empirical assessment. We illustrate its applicability through in-depth operational scenarios for risk diagnosis and targeted interventions. Overall, MORPHEUS provides a comprehensive theoretical foundation for advancing human-centered cybersecurity.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…