<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.2 20190208//EN" "http://jats.nlm.nih.gov/publishing/1.2/JATS-journalpublishing1.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.2" xml:lang="en">
    <front>
        <journal-meta>
            <journal-id journal-id-type="pmc">F1000Research</journal-id>
            <journal-title-group>
                <journal-title>F1000Research</journal-title>
            </journal-title-group>
            <issn pub-type="epub">2046-1402</issn>
            <publisher>
                <publisher-name>F1000 Research Limited</publisher-name>
                <publisher-loc>London, UK</publisher-loc>
            </publisher>
        </journal-meta>
        <article-meta>
            <article-id pub-id-type="doi">10.12688/f1000research.182773.1</article-id>
            <article-categories>
                <subj-group subj-group-type="heading">
                    <subject>Research Article</subject>
                </subj-group>
                <subj-group>
                    <subject>Articles</subject>
                </subj-group>
            </article-categories>
            <title-group>
                <article-title>A User-Behavior Micro-Segmentation Framework for Cyber security in Work-From-Home Environments</article-title>
                <fn-group content-type="pub-status">
                    <fn>
                        <p>[version 1; peer review: awaiting peer review]</p>
                    </fn>
                </fn-group>
            </title-group>
            <contrib-group>
                <contrib contrib-type="author" corresp="yes">
                    <name>
                        <surname>Aarone Mike</surname>
                        <given-names>Atuhe</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Conceptualization</role>
                    <role content-type="http://credit.niso.org/">Formal Analysis</role>
                    <role content-type="http://credit.niso.org/">Investigation</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Original Draft Preparation</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Review &amp; Editing</role>
                    <uri content-type="orcid">https://orcid.org/0009-0000-3513-5018</uri>
                    <xref ref-type="corresp" rid="c1">a</xref>
                    <xref ref-type="aff" rid="a1">1</xref>
                </contrib>
                <contrib contrib-type="author" corresp="no">
                    <name>
                        <surname>Akampurira</surname>
                        <given-names>Paul</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Conceptualization</role>
                    <role content-type="http://credit.niso.org/">Software</role>
                    <uri content-type="orcid">https://orcid.org/0000-0001-7597-3219</uri>
                    <xref ref-type="aff" rid="a2">2</xref>
                </contrib>
                <contrib contrib-type="author" corresp="no">
                    <name>
                        <surname>Tumuhimbise</surname>
                        <given-names>Wilson</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Supervision</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Review &amp; Editing</role>
                    <xref ref-type="aff" rid="a1">1</xref>
                    <xref ref-type="aff" rid="a2">2</xref>
                </contrib>
                <contrib contrib-type="author" corresp="no">
                    <name>
                        <surname>Ntwari</surname>
                        <given-names>Richard</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Methodology</role>
                    <role content-type="http://credit.niso.org/">Supervision</role>
                    <xref ref-type="aff" rid="a1">1</xref>
                </contrib>
                <contrib contrib-type="author" corresp="no">
                    <name>
                        <surname>Obbo</surname>
                        <given-names>Aggrey</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Validation</role>
                    <xref ref-type="aff" rid="a1">1</xref>
                </contrib>
                <aff id="a1">
                    <label>1</label>Department of computer science, Mbarara University of Science and Technology, Faculty of computing and informatics, Mbarara, Western Region, Uganda</aff>
                <aff id="a2">
                    <label>2</label>Computing, Kampala International University - Western Campus, Bushenyi, Western Region, Uganda</aff>
            </contrib-group>
            <author-notes>
                <corresp id="c1">
                    <label>a</label>
                    <email xlink:href="mailto:aatuhe@must.ac.ug">aatuhe@must.ac.ug</email>
                </corresp>
                <fn fn-type="conflict">
                    <p>No competing interests were disclosed.</p>
                </fn>
            </author-notes>
            <pub-date pub-type="epub">
                <day>25</day>
                <month>6</month>
                <year>2026</year>
            </pub-date>
            <pub-date pub-type="collection">
                <year>2026</year>
            </pub-date>
            <volume>15</volume>
            <elocation-id>1010</elocation-id>
            <history>
                <date date-type="accepted">
                    <day>16</day>
                    <month>6</month>
                    <year>2026</year>
                </date>
            </history>
            <permissions>
                <copyright-statement>Copyright: &#x00a9; 2026 Aarone Mike A et al.</copyright-statement>
                <copyright-year>2026</copyright-year>
                <license xlink:href="https://creativecommons.org/licenses/by/4.0/">
                    <license-p>This is an open access article distributed under the terms of the Creative Commons Attribution Licence, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.</license-p>
                </license>
            </permissions>
            <self-uri content-type="pdf" xlink:href="https://f1000research.com/articles/15-1010/pdf"/>
            <abstract>
                <sec>
                    <title>Background</title>
                    <p>The rapid adoption of work-from-home (WFH) arrangements in higher education has increased dependence on personal devices and home networks, exposing universities to cybersecurity risks influenced by user behavior, usability challenges, and environmental constraints. This study aimed to develop a User-Behavior Micro-Segmentation Framework (UBMSF) tailored to the contextual and operational realities of remote work in Ugandan universities.</p>
                </sec>
                <sec>
                    <title>Methods</title>
                    <p>A quantitative descriptive research design grounded in the Theory of Planned Behavior (TPB) and Design Science Research (DSR) principles was employed. Data were collected using structured questionnaires administered to academic, administrative, and information technology staff from selected Ugandan universities. Descriptive statistics, correlation analysis, multiple regression, and k-means clustering were used to analyse cybersecurity behavior, usability difficulty, digital fatigue, and behavioral patterns.</p>
                </sec>
                <sec>
                    <title>Results</title>
                    <p>The findings revealed that perceived behavioral control, usability difficulty, and digital fatigue were significant predictors of cybersecurity behavior. Regression analysis showed that usability difficulty and fatigue negatively affected secure practices, while clustering analysis identified distinct user segments with varying levels of risk exposure, capability, and behavioral consistency. These findings informed the development of the UBMSF, which integrates behavioral, technological, and contextual dimensions to support adaptive cybersecurity interventions.</p>
                </sec>
                <sec>
                    <title>Conclusions</title>
                    <p>The study demonstrates that cybersecurity behavior in remote work environments is shaped by both psychological and contextual factors. The proposed framework provides a structured approach for identifying user behavior patterns and aligning cybersecurity interventions with user capability, usability conditions, and environmental realities in higher education institutions.</p>
                </sec>
            </abstract>
            <kwd-group kwd-group-type="author">
                <kwd>Cybersecurity</kwd>
                <kwd>Work-from-home</kwd>
                <kwd>User behavior</kwd>
                <kwd>Micro-segmentation</kwd>
                <kwd>Usability digital fatigue</kwd>
            </kwd-group>
            <funding-group>
                <funding-statement>The author(s) declared that no grants were involved in supporting this work.</funding-statement>
            </funding-group>
        </article-meta>
    </front>
    <body>
        <sec id="sec5" sec-type="intro">
            <title>1.0 Introduction</title>
            <p>Work-from-home (WFH) refers to the arrangement where university students and staff perform academic and administrative duties from home using digital technologies. In recent years, particularly after the COVID-19 pandemic, WFH has become a critical component of university operations. It allows continuity of teaching, research, and administration but also transfers institutional data security responsibilities to individual users operating from domestic networks (
                <xref ref-type="bibr" rid="ref7">Leal Filho et al., 2025</xref>; 
                <xref ref-type="bibr" rid="ref13">Wong et al., 2021</xref>).</p>
            <p>The rise of WFH has brought flexibility and innovation but also heightened cybersecurity risks. Staff now routinely access institutional systems through personal or shared devices and unmonitored home networks, increasing exposure to phishing, ransomware, and unauthorised data access. In resource-constrained university environments, these risks are amplified by limited technical infrastructure, weak enforcement of security policies, and insufficient cybersecurity awareness and support (
                <xref ref-type="bibr" rid="ref3">Asyrofi &amp; Nugraha, 2025</xref>; 
                <xref ref-type="bibr" rid="ref12">Radha et al., 2024</xref>).</p>
            <p>Global studies have consistently identified end-user behavior as the weakest link in cybersecurity management. Despite growing investment in awareness programs, compliance and secure behavior remain inconsistent (
                <xref ref-type="bibr" rid="ref2">Alsabri &amp; Al-Hadi, 2025</xref>; 
                <xref ref-type="bibr" rid="ref9">Moustafa et al., 2021</xref>). Regional research in African higher education institutions highlights additional challenges, including poor usability of security systems, high digital fatigue, and limited institutional oversight. Locally, in Uganda, studies have revealed that work from home conditions exacerbate behavioral and contextual weaknesses, as university students and staff rely on unsecured home networks and under-supported devices to perform critical tasks (
                <xref ref-type="bibr" rid="ref10">Ndaba &amp; Gedala, 2024</xref>; 
                <xref ref-type="bibr" rid="ref14">Yidana et al., 2023</xref>).</p>
            <p>While previous research has deepened understanding of cybersecurity behavior, little has been done to systematically classify users based on behavioral and contextual realities. A one-size-fits-all approach to cybersecurity awareness fails to account for differences in capability, fatigue, and system usability (
                <xref ref-type="bibr" rid="ref4">Baltuttis et al., 2024</xref>; 
                <xref ref-type="bibr" rid="ref6">Kannel&#x00f8;nning &amp; Katsikas, 2023</xref>). Therefore, there is a pressing need for a framework that segments users according to their behavioral and environmental profiles. Such an approach can enable universities to design interventions that reflect actual user experiences rather than uniform compliance expectations (
                <xref ref-type="bibr" rid="ref5">Donekal Chandrashekar et al., 2024</xref>).</p>
            <p>To address this need, the present study designed a User-Behavior Micro-Segmentation Framework (UBMSF) tailored to the remote work environments of Ugandan higher education institutions. Drawing upon behavioral science and segmentation logic, the framework integrates findings from user behavior analysis with design-science principles to guide context-sensitive cybersecurity management. Specifically the study sought to design a user-behavior micro-segmentation framework; it addressed the following guiding research question:</p>
            <p>

                <bold>How can a user-behavior micro-segmentation framework be designed to align with the contextual and operational realities of work from home in Ugandan universities?</bold>
            </p>
        </sec>
        <sec id="sec6">
            <title>2.0 Methodology</title>
            <sec id="sec7">
                <title>2.1 Research design</title>
                <p>This study employed a quantitative descriptive research design to investigate cybersecurity behavior and design a user-behavior micro-segmentation framework. The quantitative approach enabled the systematic analysis of behavioral, contextual, and usability-related factors influencing cybersecurity outcomes. The design was appropriate for identifying measurable relationships and deriving behavioral profiles from large-scale user data. To ensure theoretical grounding, the research was guided by the Theory of Planned Behavior (TPB) (
                    <xref ref-type="bibr" rid="ref1">Ajzen, 1991</xref>) and integrated Design Science Research (DSR) principles (
                    <xref ref-type="bibr" rid="ref11">Peffers et al., 2007</xref>) to translate empirical findings into a validated framework artefact.</p>
            </sec>
            <sec id="sec8">
                <title>2.2 Population and sampling</title>
                <p>The study population comprised of student, academic and administrative staff from selected Ugandan universities that had formally implemented remote or hybrid work frameworks. These institutions were chosen to reflect varying levels of digital maturity and resource availability. A stratified random sampling technique was adopted to ensure adequate representation across job categories, age groups, and levels of digital engagement. Stratification enabled the capture of behavioral variation among users performing different institutional roles. Out of the targeted respondents, 216 valid responses were obtained, which provided a statistically meaningful basis for quantitative analysis.</p>
            </sec>
            <sec id="sec9">
                <title>2.3 Instrument design and reliability</title>
                <p>Data were collected through a structured questionnaire that captured both behavioral and contextual indicators of cybersecurity practice. The instrument consisted of five major sections:
                    <list list-type="order">
                        <list-item>
                            <label>1.</label>
                            <p>Demographic Information</p>
                        </list-item>
                        <list-item>
                            <label>2.</label>
                            <p>Cybersecurity Behavioral Practices (password management, safe browsing, device configuration, file handling, and network use)</p>
                        </list-item>
                        <list-item>
                            <label>3.</label>
                            <p>Usability Difficulty and Digital Fatigue</p>
                        </list-item>
                        <list-item>
                            <label>4.</label>
                            <p>Behavioral Constructs from the Theory of Planned Behavior (TPB) &#x2013; including 
                                <italic toggle="yes">attitude, subjective norms, perceived behavioral control,
</italic> and 
                                <italic toggle="yes">behavioral intention</italic>
                            </p>
                        </list-item>
                        <list-item>
                            <label>5.</label>
                            <p>Perceived Environmental Constraints and Institutional Support</p>
                        </list-item>
                    </list>
                </p>
                <p>All items were measured using a five-point Likert scale ranging from 1 (
                    <italic toggle="yes">strongly disagree</italic>) to 5 (
                    <italic toggle="yes">strongly agree</italic>). The questionnaire underwent a pilot test to assess reliability and internal consistency. The resulting Cronbach&#x2019;s alpha of 0.901 indicated excellent reliability, suggesting that the instrument consistently measured the intended constructs.</p>
            </sec>
            <sec id="sec10">
                <title>2.4 Data analysis procedures</title>
                <p>Data analysis followed a multi-stage process to identify behavioral patterns and inform framework development. Descriptive statistics were first computed to evaluate respondents&#x2019; cybersecurity performance across key domains such as password hygiene, browser safety, device management, and network practices.</p>
                <p>Subsequently, inferential analyses were conducted using correlation and multiple regression to identify significant predictors of cybersecurity behavior, including usability difficulty and digital fatigue. Clustering analysis (k-means) was then applied to segment users into groups exhibiting similar behavioral tendencies. This segmentation provided empirical evidence for the framework&#x2019;s structural logic, highlighting user heterogeneity and vulnerability patterns within the remote work environment. All analyses were performed using SPSS v25, with statistical significance evaluated at p&#x00a0;&lt;&#x00a0;0.05.</p>
            </sec>
            <sec id="sec11">
                <title>2.5 Ethical considerations</title>
                <p>Ethical integrity guided every stage of this study. The study was conducted in accordance with the principles of the Declaration of Helsinki for research involving human participants. Participation was voluntary, and written informed consent was obtained from all respondents prior to data collection. To safeguard anonymity, no personal identifiers were collected, and all responses were securely stored in encrypted formats accessible only to the research team. Ethical clearance was obtained from the Mbarara University of Science and Technology Research Ethics Committee (MUST-REC), approval number MUST-2025-400.</p>
            </sec>
            <sec id="sec12">
                <title>2.6 Theoretical and design foundations</title>
                <p>The methodological foundation of this study combined behavioral theory and human-centred design logic. The Theory of Planned Behavior (TPB) provided a predictive lens for understanding user intention and action, focusing on attitude, subjective norms, and perceived behavioral control as determinants of secure behavior. However, the study extended TPB by introducing contextual moderators, namely, usability and digital fatigue, that condition how perceived control translates into action.</p>
                <p>The design orientation of the research was guided by principles of Human-Centred Design (HCD) and User-Centred Security Design (UCSD). These paradigms emphasise that effective cybersecurity systems must be developed around human capabilities, cognitive limits, and contextual realities rather than purely technical efficiency. HCD guided the interpretation of human factors, such as usability, fatigue, and perceived behavioral control, while UCSD informed the design implications and development of the User-Behavior Micro-Segmentation Framework (UBMSF). Together, these frameworks grounded the study in both behavioral theory and user-oriented security practice, ensuring that the resulting framework is not only evidence-based but also responsive to the lived realities of remote respondents in Ugandan universities.</p>
            </sec>
        </sec>
        <sec id="sec13">
            <title>3.0 Findings and discussion</title>
            <sec id="sec14">
                <title>3.1 Overview of cybersecurity behavioral performance</title>
                <p>Descriptive statistics were computed to evaluate cybersecurity behavior across six domains: password management, safe browsing, device configuration, file handling, network usage, and incident response. Respondents demonstrated moderate adherence to secure practices, with mean scores ranging between 3.21 and 3.78 on a five-point scale, reflecting generally positive yet inconsistent behavior patterns. &#x201c;Instrument reliability testing yielded Cronbach&#x2019;s &#x03b1; = 0.901, confirming internal consistency across behavioral and contextual scales and supporting the validity of the aggregated results.&#x201d;</p>
                <p>Password management achieved the highest mean score (M&#x00a0;=&#x00a0;3.78, SD&#x00a0;=&#x00a0;0.82), as shown in 
                    <xref ref-type="table" rid="T1">table 1</xref>. suggesting greater personal discipline, whereas incident response (M&#x00a0;=&#x00a0;3.21, SD&#x00a0;=&#x00a0;0.85) was weakest, indicating limited readiness to detect or report security events which also aligns with (
                    <xref ref-type="bibr" rid="ref8">Maalem Lahcen et al., 2020</xref>). This pattern aligns with prior research showing that awareness alone rarely translates into consistent action. These associations provided the statistical foundation for subsequent regression and clustering frameworks.&#x201d;</p>
                <table-wrap id="T1" orientation="portrait" position="float">
                    <label>
Table 1. </label>
                    <caption>
                        <title>Cybersecurity behavioral performance (n&#x00a0;=&#x00a0;216).</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Behavioral Domain</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">M</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">SD</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">N</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
Interpretation</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Password management</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.78</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.82</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate&#x2013;High</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Safe browsing &amp; email vigilance</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.64</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.76</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Device configuration &amp; updates</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.52</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.88</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Secure file handling</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.47</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.81</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Network usage (Wi-Fi security)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.33</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.93</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Incident response &amp; reporting</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.21</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.85</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">216</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate&#x2013;Low</td>
                            </tr>
                        </tbody>
                    </table>
                </table-wrap>
            </sec>
            <sec id="sec15">
                <title>3.2 Relationships among Key Variables</title>
                <p>Pearson&#x2019;s correlation analysis explored associations between usability difficulty, digital fatigue, and cybersecurity behavior as shown in 
                    <xref ref-type="table" rid="T2">table 2</xref>.</p>
                <table-wrap id="T2" orientation="portrait" position="float">
                    <label>
Table 2. </label>
                    <caption>
                        <title>Correlations among usability, digital fatigue, and cybersecurity behavior.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Variables</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">1</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">2</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
3</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">1. Usability difficulty</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2014;</td>
                                <td colspan="1" rowspan="1"/>
                                <td colspan="1" rowspan="1"/>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">2. Digital fatigue</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.54**</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2014;</td>
                                <td colspan="1" rowspan="1"/>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">3. Cybersecurity behavior</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.46**</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.41**</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2014;</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Note.</bold> p&#x00a0;&lt;&#x00a0;.01. Negative correlations indicate that higher usability difficulty and fatigue correspond to lower secure behavior levels.</p>
                    </table-wrap-foot>
                </table-wrap>
                <p>Together, the two frameworks explained nearly 56% of the variance, demonstrating that psychological and contextual dimensions jointly determine secure conduct. Both usability difficulty (r&#x00a0;=&#x00a0;&#x2212;0.46, p&#x00a0;&lt;&#x00a0;.01) and digital fatigue (r&#x00a0;=&#x00a0;&#x2212;0.41, p&#x00a0;&lt;&#x00a0;.01) were significantly and negatively associated with cybersecurity behavior. These relationships suggest that as users face greater interface complexity or prolonged screen exposure, their compliance with secure practices declines. This trend reinforces the contextual dimension of cybersecurity&#x2014;highlighting that performance is affected not only by knowledge but also by workload and cognitive strain.</p>
            </sec>
            <sec id="sec16">
                <title>3.3 Predictors of Cybersecurity Behavior (TPB Framework)</title>
                <p>Two regression frameworks were estimated to determine predictors of cybersecurity behavior. The first framework examined contextual predictors, while the second applied behavioral constructs from the TPB as shown 
                    <xref ref-type="table" rid="T3">table 3</xref>.</p>
                <table-wrap id="T3" orientation="portrait" position="float">
                    <label>
Table 3. </label>
                    <caption>
                        <title>Multiple regression predicting cybersecurity behavior from usability difficulty and digital fatigue.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Predictor</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">B</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">SE B</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">&#x03b2;</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">t</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
p</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Constant</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">4.11</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.18</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2014;</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">22.83</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Usability difficulty</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.32</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.07</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.39</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;4.57</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Digital fatigue</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.27</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.06</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.34</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;4.18</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .001</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Framework Summary:</bold> R
                            <sup>2</sup>&#x00a0;=&#x00a0;0.37, F(2, 213)&#x00a0;=&#x00a0;63.12, p&#x00a0;&lt;&#x00a0;.001.</p>
                    </table-wrap-foot>
                </table-wrap>
                <p>The contextual framework explained 37% of the variance in cybersecurity behavior, confirming that both usability and fatigue independently shape secure conduct. As systems become harder to use or staff experience digital exhaustion, adherence to security practices diminishes, a finding consistent with human&#x2013;computer interaction studies emphasizing usability as a determinant of cybersecurity outcomes which also aligns with study by (Ifinedo, 2020).</p>
                <p>The behavioral framework explained 55.4% of variance, with PBC emerging as the most influential determinant as in 
                    <xref ref-type="table" rid="T4">table 4</xref>. The significance of PBC supports TPB&#x2019;s assertion that perceived capability strongly predicts behavioral compliance. However, when contextual factors are considered, it becomes evident that usability and fatigue moderate how PBC translates into secure action.</p>
                <table-wrap id="T4" orientation="portrait" position="float">
                    <label>
Table 4. </label>
                    <caption>
                        <title>Regression framework predicting cybersecurity behavior based on TPB constructs.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Predictor</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">&#x03b2;</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">SE</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">t</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
p</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Perceived Behavioral Control</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.393</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.071</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">5.54</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Subjective Norm</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.273</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.082</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">3.33</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .01</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Behavioral Intention</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.180</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.087</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2.07</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .05</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Attitude</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.162</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.078</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2.08</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; .05</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Framework Summary:</bold> R
                            <sup>2</sup>&#x00a0;=&#x00a0;0.554, F(4,195)&#x00a0;=&#x00a0;36.45, p&#x00a0;&lt;&#x00a0;.001.</p>
                    </table-wrap-foot>
                </table-wrap>
            </sec>
            <sec id="sec17">
                <title>3.4 Behavioral clusters and segmentation patterns</title>
                <p>K-means clustering yielded three behavioral clusters (Resilient, Overextended, and At-Risk Users). These statistical clusters were subsequently translated into four operational behavioral segments by incorporating usability and digital fatigue indicators to support framework intervention design as in 
                    <xref ref-type="table" rid="T5">table 5</xref>.</p>
                <table-wrap id="T5" orientation="portrait" position="float">
                    <label>
Table 5. </label>
                    <caption>
                        <title>Behavioral cluster profiles (K-means output).</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Cluster</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Label</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Dominant traits</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Proportion</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">1</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Resilient Users</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">High control, low fatigue, consistent secure habits</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">38%</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">2</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Overextended Users</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate control, high fatigue, inconsistent practices</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">42%</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">3</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">At-Risk Users</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Low control, high usability barriers, poor response</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">20%</td>
                            </tr>
                        </tbody>
                    </table>
                </table-wrap>
                <p>These statistical clusters were later refined into four operational behavioral segments through integration with usability and digital fatigue indicators. These clusters reveal significant heterogeneity in user capability and risk exposure. &#x201c;Resilient&#x201d; users maintain consistent behavior despite contextual strain, while &#x201c;Overextended&#x201d; users exhibit fluctuating compliance under high fatigue. The &#x201c;At-Risk&#x201d; segment demonstrates persistent usability barriers and weak incident response. The emergence of the Compliant-and-Cautious cluster highlights a proactive user group that could serve as peer champions.</p>
                <p>Such segmentation provides empirical justification for the differentiated intervention framework proposed in Section 4. It confirms that cybersecurity management must move beyond general awareness programs to targeted, behavior-specific support mechanisms aligned with each user profile.</p>
            </sec>
            <sec id="sec18">
                <title>3.5 Usability difficulty, cognitive load, and behavioral outcomes</title>
                <p>
                    <xref ref-type="table" rid="T6">
Table 6</xref> presents the regression results examining the influence of usability difficulty and cognitive load on cybersecurity behavior.</p>
                <table-wrap id="T6" orientation="portrait" position="float">
                    <label>
Table 6. </label>
                    <caption>
                        <title>Regression framework predicting cybersecurity behavior from usability and cognitive Load.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Predictor</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">&#x03b2;</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">SE</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">t</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
p</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Usability Difficulty</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.421</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.069</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">5.10</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; 0.001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Cognitive Load</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;0.357</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.084</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&#x2212;4.25</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; 0.001</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Framework Summary:</bold> R
                            <sup>2</sup>&#x00a0;=&#x00a0;0.496, F(2, 197)&#x00a0;=&#x00a0;27.36, p&#x00a0;&lt;&#x00a0;0.001.</p>
                    </table-wrap-foot>
                </table-wrap>
                <p>The results demonstrated that usability difficulty was significantly associated with cyber security behaviors, while increased cognitive load negatively affected cyber security practices. Conversely, increased cognitive load negatively affected performance. These findings align with research emphasising the role of human&#x2013;computer interaction in security compliance (Ifinedo, 2020).</p>
            </sec>
            <sec id="sec19">
                <title>3.6 Impact of digital fatigue on risky behavior</title>
                <p>
                    <xref ref-type="table" rid="T7">
Table 7</xref> presents the correlations between digital fatigue, risky behavior, usability difficulty, and cognitive load.</p>
                <table-wrap id="T7" orientation="portrait" position="float">
                    <label>
Table 7. </label>
                    <caption>
                        <title>Correlation between digital fatigue and risky behavior indicators.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Variable</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">r</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">
p</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Digital Fatigue &#x2013; Risky Behavior</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.62</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; 0.001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Digital Fatigue &#x2013; Usability Difficulty</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.48</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; 0.001</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Digital Fatigue &#x2013; Cognitive Load</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">0.52</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">&lt; 0.001</td>
                            </tr>
                        </tbody>
                    </table>
                </table-wrap>
                <p>Fatigue correlated strongly with risky behavior, usability difficulty, and cognitive overload. This pattern supports the argument that prolonged digital engagement diminishes vigilance and contributes to security lapses. Respondents&#x2019; qualitative feedback reinforced this relationship; many acknowledged ignoring warnings or reusing passwords when tired, mirroring similar observations by Nilup&#x00fa;-Moreno and Salas-Riega (2024).</p>
            </sec>
            <sec id="sec20">
                <title>3.7 Emerging behavioral segments</title>
                <p>Cluster analysis identified four distinct user segments that informed framework development:
                    <list list-type="order">
                        <list-item>
                            <label>1.</label>
                            <p>Weak-Across-All-Domains &#x2013; low capability, high usability difficulty; require intensive support.</p>
                        </list-item>
                        <list-item>
                            <label>2.</label>
                            <p>Careless-but-Confident &#x2013; overconfident users with poor browser safety and minimal adherence to protocol.</p>
                        </list-item>
                        <list-item>
                            <label>3.</label>
                            <p>Fatigued-and-Overloaded &#x2013; moderate awareness but performance declines under high workload or fatigue.</p>
                        </list-item>
                        <list-item>
                            <label>4.</label>
                            <p>Compliant-and-Cautious &#x2013; consistently secure users who could serve as peer mentors.</p>
                        </list-item>
                    </list>
                </p>
                <p>This segmentation validated the heterogeneity of cybersecurity behavior and demonstrated the inadequacy of uniform awareness campaigns. Each segment corresponded to unique intervention needs, providing the empirical basis for the User-Behavior Micro-Segmentation Framework (UBMSF).</p>
            </sec>
            <sec id="sec21">
                <title>3.8 Operational segmentation rules (Implementation Logic)</title>
                <p>To operationalise the proposed user-behavior micro-segmentation framework, classification rules were developed by combining four axis scores: behavioral domain average (BDavg), perceived behavioral control (PBC), usability difficulty (US), and digital fatigue (FD). The thresholds were defined using sample-derived percentile cut-offs from the empirical results and validated against qualitative respondent profiles. The rules enable consistent and repeatable segment assignment while allowing temporal movement between segments as fatigue levels and contextual risks change as shown in 
                    <xref ref-type="table" rid="T8">table 8</xref>.</p>
                <table-wrap id="T8" orientation="portrait" position="float">
                    <label>
Table 8. </label>
                    <caption>
                        <title>Operational segmentation rules and thresholds.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Segment</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Operational Rule (Classification Logic)</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Key Interpretation/Implication</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Weak-Across-All-Domains
</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">BDavg &#x2264;2.6 AND PBC&#x00a0;&#x2264;&#x00a0;2.6 AND US &#x2265;3.5</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Low capability + high usability barriers &#x2192; requires guided support and simplified security tasks</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Careless-but-Confident</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">PBC&#x00a0;&#x2265;&#x00a0;3.5 AND Browser Score&#x00a0;&#x2264;&#x00a0;2.5</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">High confidence but risky browsing &#x2192; needs behavioral nudges, phishing simulations and awareness targeting optimistic bias</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Fatigued-and-Overloaded</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">FD&#x00a0;&#x2265;&#x00a0;67th percentile AND BDavg between 2.6 and 3.4</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Performance drops under fatigue &#x2192; use fatigue-aware prompting, reduce interruptions, schedule security tasks</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Compliant-and-Cautious</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">BDavg &#x2265;3.5 AND PBC&#x00a0;&#x2265;&#x00a0;3.5 AND US &#x2264;2.5</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">High competence and stable secure habits &#x2192; can act as champions/peer mentors</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Note:</bold> BDavg&#x00a0;=&#x00a0;Behavioral domain average score; PBC&#x00a0;=&#x00a0;perceived Behavioral Control; US&#x00a0;=&#x00a0;usability difficulty score; FD&#x00a0;=&#x00a0;digital fatigue score.</p>
                    </table-wrap-foot>
                </table-wrap>
            </sec>
            <sec id="sec22">
                <title>3.9 Discussion of key insights</title>
                <p>The collective evidence underscores that cybersecurity behavior is the outcome of an intricate interaction between psychological, technological, and contextual dimensions. Perceived behavioral control remains central, but its efficacy is shaped by usability and fatigue conditions. The findings also demonstrate that users&#x2019; behavioral diversity, rooted in differences in confidence, cognitive load, and work context, translates directly into varying risk profiles.</p>
                <p>From a theoretical standpoint, these findings extend the Theory of Planned Behavior by incorporating contextual moderators that alter the strength of behavioral determinants. Practically, they validate the principle that behavioral segmentation enhances understanding of user heterogeneity, offering a basis for adaptive, context-sensitive interventions.</p>
            </sec>
        </sec>
        <sec id="sec23">
            <title>4.0 Transition to framework development</title>
            <p>Building on these empirical findings, the next section integrates behavioral and contextual patterns into a coherent analytical structure. The relationships identified among usability difficulty, digital fatigue, and perceived behavioral control provided the foundation for constructing the User-Behavior Micro-Segmentation Framework (UBMSF). This framework translates statistical relationships into an operational framework capable of differentiating user groups according to behavioral tendencies, contextual constraints, and capability levels. In doing so, it bridges quantitative evidence with design-science artefact development, establishing a foundation for sustainable, user-centred cybersecurity management in higher education.</p>
            <sec id="sec24">
                <title>4.1 Framework design and implementation</title>
                <p>The development of the framework followed a storyline logic that emerged directly from the data, reflecting the lived experiences of staff working from home rather than treating cybersecurity as a purely technical issue. The results revealed that user capability, confidence, and fatigue interact dynamically with usability and environmental constraints. These insights informed the conceptual foundation of the User-Behavior Micro-Segmentation Framework, which integrates behavioral theory (
                    <xref ref-type="bibr" rid="ref1">Ajzen, 1991</xref>) with design-science principles (
                    <xref ref-type="bibr" rid="ref11">Peffers et al., 2007</xref>) to create an adaptive, evidence-based framework for cybersecurity management in higher education.</p>
                <p>The framework builds upon the Theory of Planned Behavior (TPB) by incorporating contextual and design-oriented factors relevant to cybersecurity in remote academic environments. In TPB, behavior is driven by attitude, subjective norms, and perceived behavioral control; however, in work-from-home settings, these determinants are shaped by usability and environmental constraints that affect how intention translates into secure action.</p>
                <p>Accordingly, this framework introduces two contextual moderators, usability difficulty and digital fatigue, that condition perceived behavioral control and influence behavioral outcomes. Users facing complex systems or cognitive exhaustion may struggle to perform secure actions consistently, even when aware of risks (Ifinedo, 2020; Nilup&#x00fa;-Moreno &amp; Salas-Riega, 2024). Thus, intention alone cannot fully explain cybersecurity behavior in technology-mediated environments. The framework conceptualises cybersecurity behavior as the outcome of interactions among three interdependent dimensions:
                    <list list-type="order">
                        <list-item>
                            <label>1.</label>
                            <p>

                                <bold>Psychological Dimension</bold> &#x2013; Attitude toward security, subjective norms, and perceived behavioral control, representing individual motivation and confidence.</p>
                        </list-item>
                        <list-item>
                            <label>2.</label>
                            <p>

                                <bold>Technological Dimension</bold> &#x2013; System usability, interface design, and accessibility of institutional platforms influencing user experience and performance.</p>
                        </list-item>
                        <list-item>
                            <label>3.</label>
                            <p>

                                <bold>Contextual Dimension</bold> &#x2013; Environmental factors such as digital fatigue, workload, and home network reliability that shape user focus and decision-making.</p>
                        </list-item>
                    </list>
                </p>
                <p>This integrated framework guided both the measurement of constructs and the interpretation of findings. The framework thus bridges behavioral theory and design practice, forming the theoretical basis for empirical validation in subsequent sections. 
                    <xref ref-type="fig" rid="f1">
Figure 1</xref> presents the proposed User-Behavior Micro-Segmentation Framework (UBMSF) illustrating the relationships among behavioral assessment, segmentation, intervention, and adaptive feedback mechanisms.</p>
                <fig fig-type="figure" id="f1" orientation="portrait" position="float">
                    <label>
Figure 1. </label>
                    <caption>
                        <title>User Behavior Micro-segmentation framework.</title>
                    </caption>
                    <graphic id="gr1" orientation="portrait" position="float" xlink:href="https://f1000research-files.f1000.com/manuscripts/201741/849409ad-66e5-4dd4-a7a2-d530ec04ce1e_figure1.gif"/>
                </fig>
            </sec>
            <sec id="sec25">
                <title>4.2 Evidence-to-Design requirements mapping</title>
                <p>The proposed user-behavior micro-segmentation framework was derived from the integration of quantitative results (behavioral domain performance, regression predictors, and correlation patterns) and qualitative thematic insights. The empirical findings were translated into concrete design requirements to ensure that the framework is evidence-driven, operational, and responsive to usability constraints, fatigue dynamics, and environmental limitations in WFH settings. 
                    <xref ref-type="table" rid="T9">
Table 9</xref> presents the mapping between empirical findings and the corresponding framework design requirements
                    <table-wrap id="T9" orientation="portrait" position="float">
                        <label>
Table 9. </label>
                        <caption>
                            <title>Evidence-to-Design Requirements Mapping for the Micro-Segmentation Framework.</title>
                        </caption>
                        <table content-type="article-table" frame="hsides">
                            <thead>
                                <tr>
                                    <th align="left" colspan="1" rowspan="1" valign="top">Evidence source</th>
                                    <th align="left" colspan="1" rowspan="1" valign="top">Empirical finding/justification</th>
                                    <th align="left" colspan="1" rowspan="1" valign="top">Design requirement</th>
                                    <th align="left" colspan="1" rowspan="1" valign="top">Framework feature/implementation</th>
                                </tr>
                            </thead>
                            <tbody>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Behavior domain means (
                                        <xref ref-type="table" rid="T1">
Table 1</xref>)</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Domain performance varies</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Profiling must be multi-dimensional
</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Segmentation uses BDavg + domain-specific triggers</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">TPB regression (
                                        <xref ref-type="table" rid="T4">
Table 4</xref>)</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">PBC strongest predictor</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Integrate user confidence/control into segmentation</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Include PBC in rule set</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Usability regression (
                                        <xref ref-type="table" rid="T3">
Table 3</xref>)</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Usability predicts behavior</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Reduce cognitive friction</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Simplified security flows</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Cognitive load regression</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Cognitive load reduces behavior</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Lower security burden</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Reduce prompts/authentication steps</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Fatigue correlations (
                                        <xref ref-type="table" rid="T7">
Table 7</xref>)</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Fatigue linked to risky behavior</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Implement fatigue-aware controls</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Scheduling rules</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 1</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Authentication overload</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Improve usability</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Simplified login flows</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 2</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Vigilance drops late</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Reduce non-urgent prompts</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Dynamic segmentation</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 3</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Overconfidence despite risky browsing</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Address optimistic bias</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Simulated phishing/nudges</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 4</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Training quickly forgotten</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Continuous practical training</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Segment-tailored training</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 5</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Shared devices/unstable environments</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Default-safe options</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Device hardening policies</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Qualitative Theme 6</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Segmentation acceptable if privacy respected</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Transparency/governance</td>
                                    <td align="left" colspan="1" rowspan="1" valign="top">Privacy safeguards</td>
                                </tr>
                            </tbody>
                        </table>
                    </table-wrap>
.</p>
            </sec>
            <sec id="sec26">
                <title>4.3 Purpose of the Framework</title>
                <p>The framework connects the behavioral patterns identified in the analysis with targeted intervention strategies, allowing universities to differentiate cybersecurity responses according to user capability, motivation, and contextual constraints. The framework also provides actionable guidance for system design. Enhancing usability&#x2014;through streamlined authentication, harmonized digital platforms, and context-sensitive prompts&#x2014;emerges as a critical strategy for supporting secure behavior. Similarly, recognizing fatigue dynamics enables institutions to schedule security updates, prompts, or training activities at optimal times, reducing cognitive overload and prompt fatigue.</p>
            </sec>
            <sec id="sec27">
                <title>4.4 Operational logic of the average behavioral score</title>
                <p>
                    <xref ref-type="table" rid="T10">
Table 10</xref>: presents the logical flow of the Average Behavioral Score (ABS) process within the segmentation engine of the User-Behavior Micro-Segmentation Framework (UBMSF).</p>
                <table-wrap id="T10" orientation="portrait" position="float">
                    <label>
Table 10. </label>
                    <caption>
                        <title>Operational logic of the average behavioral score (ABS) in the segmentation engine.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Step</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Purpose</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Analytical Role</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">1. Collect behavior scores</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Get data for each domain (1&#x2013;5 Likert)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Inputs from validated instrument</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">2. Compute Average Behavioral Score (ABS)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Summarise domains into one metric</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Creates behavior fingerprint</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">3. Feed ABS into Segmentation Engine</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Combine ABS with contextual factors</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Enables data-driven grouping</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">4. Produce behavioral segments</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Identify four user types</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Supports targeted interventions</td>
                            </tr>
                        </tbody>
                    </table>
                </table-wrap>
            </sec>
            <sec id="sec28">
                <title>4.5 Functional description of the user behavior micro-Segmentation framework (UBMSF)</title>
                <p>The User Behavior Micro-Segmentation Framework (UBMSF) is a dynamic, user-centred model developed to enhance cybersecurity management in remote and hybrid higher-education environments. It continuously evaluates user behavior, classifies individuals into behavioral micro-segments, and applies targeted interventions to promote sustained secure practices. The framework integrates behavioral science, contextual analysis, and adaptive feedback loops to address the human dimension of cybersecurity in a systematic and evidence-based manner.</p>
                <p>At its analytical core lies the Average Behavior Score (ABS), a composite metric that quantifies each user&#x2019;s cybersecurity posture. The ABS aggregates performance across multiple behavioral domains, including password management, file handling, browser safety, and network use, to generate a standardized indicator of behavioral consistency and risk exposure. By combining this behavioral measure with contextual factors such as usability difficulty and digital fatigue, the ABS enables the Segmentation Engine to produce precise user profiles. These profiles capture how users behave, why they behave that way, and how their behavior changes over time, forming the foundation for adaptive, data-driven cybersecurity management.</p>
                <p>The framework operates through four interlinked modules:
                    <list list-type="order">
                        <list-item>
                            <label>1.</label>
                            <p>

                                <bold>Assessment Module</bold> &#x2013; Collects user behavior data across digital hygiene dimensions such as password practices, device management, and browser safety. These observations are synthesized into the ABS
                                <bold>,
</bold> creating a behavioral fingerprint for each user.</p>
                        </list-item>
                        <list-item>
                            <label>2.</label>
                            <p>

                                <bold>Segmentation Engine</bold> &#x2013; Uses the ABS and contextual modifiers to classify users into four micro-segments based on their behavioral tendencies:</p>
                            <list list-type="alpha-lower">
                                <list-item>
                                    <label>a)</label>
                                    <p>Weak Across All Domains &#x2013; limited capability and inconsistent secure practices.</p>
                                </list-item>
                                <list-item>
                                    <label>b)</label>
                                    <p>Careless but Confident &#x2013; high self-perceived competence but frequent risky shortcuts.</p>
                                </list-item>
                                <list-item>
                                    <label>c)</label>
                                    <p>Fatigued and Overloaded &#x2013; motivated users whose secure behavior declines under workload or fatigue.</p>
                                </list-item>
                                <list-item>
                                    <label>d)</label>
                                    <p>Compliant and Cautious &#x2013; consistently secure users who maintain high compliance and serve as peer models.</p>
                                </list-item>
                            </list>
                        </list-item>
                        <list-item>
                            <label>3.</label>
                            <p>

                                <bold>Intervention and Guidance Module</bold> &#x2013; Aligns each segment with tailored interventions:</p>
                            <list list-type="alpha-lower">
                                <list-item>
                                    <label>a)</label>
                                    <p>Weak users receive Guidance and Simple GUIs to simplify secure behavior.</p>
                                </list-item>
                                <list-item>
                                    <label>b)</label>
                                    <p>Careless users are supported through Nudges and Simulations that reveal risk consequences.</p>
                                </list-item>
                                <list-item>
                                    <label>c)</label>
                                    <p>Fatigued users benefit from Fatigue-Aware Automation, which reduces cognitive burden.</p>
                                </list-item>
                                <list-item>
                                    <label>d)</label>
                                    <p>Compliant users are reinforced through Light Mentorship to sustain engagement.</p>
                                </list-item>
                                <list-item>
                                    <label>e)</label>
                                    <p>These interventions collectively reduce friction, correct unsafe habits, and reinforce positive cybersecurity behavior.</p>
                                </list-item>
                            </list>
                        </list-item>
                        <list-item>
                            <label>4.</label>
                            <p>

                                <bold>Monitoring and Feedback Module</bold> &#x2013;Tracks behavioral improvements over time through usability metrics, fatigue reduction, and incident trends. Users who demonstrate steady improvement move through the YES-loop toward Sustained Secure Behavior, while those showing persistent risk are re-segmented for renewed support. This cyclical process ensures continuous learning and behavioral adaptation.</p>
                        </list-item>
                    </list>
                </p>
                <p>By integrating quantitative behavior scoring (ABS) with qualitative segmentation and adaptive feedback, the UBMSF transforms cybersecurity management from a uniform awareness model into a personalized, evidence-driven process. It provides universities and organizations with a scalable mechanism to understand user heterogeneity, anticipate risk, and foster sustainable secure conduct across diverse user populations.</p>
            </sec>
            <sec id="sec29">
                <title>4.6 User segmentation logic</title>
                <p>Based on the empirical results, four principal behavioral segments were derived as indicated in 
                    <xref ref-type="table" rid="T11">table 11</xref>:</p>
                <table-wrap id="T11" orientation="portrait" position="float">
                    <label>
Table 11. </label>
                    <caption>
                        <title>User segmentation logic.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Segment</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Dominant Traits</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Indicative Interventions</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Weak-Across-All-Domains
</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Low capability, high usability barriers</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Simplified authentication, guided support, practical training</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Careless-but-Confident</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">High perceived control, risky online habits</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Just-in-time tips, simulated phishing, browser prompts</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Fatigued-and-Overloaded</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Moderate skill, high digital fatigue</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Fatigue-aware scheduling, reduced prompts</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Compliant-and-Cautious</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Consistently secure behavior, high motivation</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Peer mentorship, advanced awareness updates</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <bold>Source:</bold> Primary Data</p>
                    </table-wrap-foot>
                </table-wrap>
                <p>These segments reflect the empirical observation that motivation, social norms, and habitual patterns drive behavior more strongly than technical proficiency alone.</p>
            </sec>
            <sec id="sec30">
                <title>4.7 Policy and practical relevance</title>
                <p>The framework moves beyond generic awareness programs by embedding behavioral and contextual insight into cybersecurity management. It provides institutions with an evidence-based mechanism for allocating resources and designing interventions that reflect actual user realities. Regular reassessment ensures adaptability as technologies and work conditions evolve, supporting a continuous-improvement cycle rather than static compliance.</p>
            </sec>
            <sec id="sec31">
                <title>4.8 Theoretical significance</title>
                <p>The framework operationalises TPB by integrating environmental moderators, usability and fatigue, into its predictive structure and by applying Design Science Research logic to transform behavioral evidence into an artefact for real-world use. It thereby bridges the gap between behavioral theory and applied cybersecurity design, offering a scalable, context-aware framework suitable for higher-education environments.</p>
                <p>The User-Behavior Micro-Segmentation Framework described above was empirically validated using the behavioral dataset collected from university staff working in remote and hybrid environments. This validation sought to determine whether the relationships identified in the conceptual framework, particularly those involving usability difficulty, digital fatigue, and perceived behavioral control, were statistically significant and consistent across user segments. The following section presents the quantitative results and statistical analyses that informed the development of the framework&#x2019;s segmentation logic and intervention strategies.</p>
                <p>The framework therefore unites theoretical reasoning and empirical observation into a single interpretive structure. Having outlined how behavioral segments and contextual moderators interact, the next section interprets these results in light of existing cybersecurity behavior theory. The Discussion elaborates on how these findings extend the Theory of Planned Behavior and what they imply for both institutional practice and user-centred security design.</p>
            </sec>
        </sec>
        <sec id="sec32">
            <title>5.0 Conclusion and implications</title>
            <sec id="sec33">
                <title>5.1 Summary of key findings</title>
                <p>This study examined cybersecurity behavior among university staff working from home in resource-constrained higher education environments, with the goal of developing a User-Behavior Micro-Segmentation Framework (UBMSF) to guide context-aware cybersecurity management. The findings demonstrated that cybersecurity behavior is neither uniform nor solely dependent on awareness or intention. Instead, it is shaped by a combination of behavioral, cognitive, and contextual factors, most notably 
                    <italic toggle="yes">perceived behavioral control</italic>, 
                    <italic toggle="yes">usability difficulty</italic>, and 
                    <italic toggle="yes">digital fatigue.</italic>
                </p>
                <p>Regression analyses revealed that perceived behavioral control (PBC) was the strongest predictor of secure behavior, confirming that confidence and capability are central to effective cybersecurity practices. However, the influence of PBC was moderated by usability and fatigue&#x2014;factors that constrained users&#x2019; ability to act securely even when they understood security requirements. Clustering analysis identified four behavioral segments&#x2014;
                    <italic toggle="yes">Weak-Across-All-Domains, Careless-but-Confident, Fatigued-and-Overloaded,
</italic> and 
                    <italic toggle="yes">Compliant-and-Cautious</italic>&#x2014;which collectively illustrated the diversity of behavioral vulnerabilities within the university workforce.</p>
                <p>These results confirmed that generic, one-size-fits-all interventions are ineffective in remote academic contexts. Instead, differentiated strategies based on user segmentation can better align security measures with users&#x2019; operational realities and psychological states. The resulting UBMSF provides a structured approach for implementing this principle.</p>
            </sec>
            <sec id="sec34">
                <title>5.2 Theoretical implications</title>
                <p>
Theoretically, this study extends the TPB by embedding contextual moderators, specifically usability difficulty and digital fatigue, within its predictive framework. Traditional TPB applications assume that behavioral intention directly predicts action; however, the present findings demonstrate that intention alone is insufficient in digitally intensive work environments. Secure behavior is contingent on situational conditions that either enable or constrain perceived behavioral control.</p>
                <p>This expanded framework contributes to the emerging field of context-aware cybersecurity behavior research, providing an empirical basis for integrating environmental and usability factors into behavioral theory. The framework also bridges behavioral theory and Design Science Research (DSR) by transforming empirical data into an actionable design artefact. Through this integration, the study advances theoretical understanding of how behavioral constructs can inform the design of adaptive cybersecurity interventions in real-world institutional contexts.</p>
            </sec>
            <sec id="sec35">
                <title>5.3 Practical implications</title>
                <p>Practically, the UBMSF offers a systematic method for identifying, categorizing, and supporting users based on their behavioral and contextual profiles. The segmentation logic enables institutions to tailor interventions to specific user groups rather than applying uniform awareness campaigns. For example:
                    <list list-type="alpha-lower">
                        <list-item>
                            <label>a)</label>
                            <p>Weak-Across-All-Domains users should receive simplified tools, remote assistance, and step-by-step training focused on essential security tasks.</p>
                        </list-item>
                        <list-item>
                            <label>b)</label>
                            <p>Careless-but-Confident users benefit from behavioral nudges, phishing simulations, and targeted feedback designed to correct overconfidence biases.</p>
                        </list-item>
                        <list-item>
                            <label>c)</label>
                            <p>Fatigued-and-Overloaded users require adaptive security prompts, reduced non-critical notifications, and flexible verification workflows during high workload periods.</p>
                        </list-item>
                        <list-item>
                            <label>d)</label>
                            <p>Compliant-and-Cautious users can serve as peer mentors and departmental security champions, fostering a culture of secure practice.</p>
                        </list-item>
                    </list>
                </p>
                <p>By implementing such differentiated interventions, universities can optimize resource use while improving behavioral compliance and overall institutional resilience.</p>
            </sec>
            <sec id="sec36">
                <title>5.4 Policy and institutional implications</title>
                <p>From a policy perspective, this research supports a shift from compliance-oriented cybersecurity management to a capability-driven framework that prioritizes user empowerment. Universities should embed behavioral segmentation and adaptive support mechanisms into institutional cybersecurity policy frameworks. Decision-makers can use segmentation data to allocate training, monitoring, and technical support resources where they are most needed, improving both efficiency and inclusiveness.</p>
                <p>
Furthermore, the study highlights the necessity of integrating ethical governance into user monitoring and intervention systems. The UBMSF includes a 
                    <italic toggle="yes">governance and privacy layer</italic> to ensure transparency, consent, and accountability in data-driven cybersecurity initiatives. Institutions adopting this framework should establish clear communication protocols explaining how segmentation data are collected, stored, and used, thereby maintaining trust between staff and administrators.</p>
                <p>The evidence also underscores the importance of capacity building in cybersecurity. Policymakers should invest in developing human and technical capacity to sustain adaptive frameworks, ensuring that interventions remain responsive to evolving user behaviors and technological trends.</p>
            </sec>
            <sec id="sec37">
                <title>5.5 Limitations and future research directions</title>
                <p>While the study achieved its objective, several limitations merit consideration. The findings are based on self-reported data, which may be affected by social desirability bias. Although psychometric testing confirmed internal consistency (&#x03b1;&#x00a0;=&#x00a0;0.90), future studies should complement survey results with behavioral telemetry data, where ethically permissible, to triangulate findings.</p>
                <p>Additionally, the segmentation thresholds were derived from a Ugandan higher education sample and may require contextual recalibration when applied elsewhere. Future research should test the UBMSF in diverse institutional and cultural contexts to validate its generalizability. Longitudinal studies could also examine how behavioral segments evolve over time, providing insights into the dynamics of fatigue, motivation, and capability in cybersecurity behavior.</p>
                <p>Finally, further research should explore how artificial intelligence and predictive analytics can be integrated into the framework&#x2019;s Monitoring and Analytics component to enable real-time adaptation and precision support for users.</p>
            </sec>
            <sec id="sec38" sec-type="conclusion">
                <title>5.6 Conclusion</title>
                <p>In conclusion, this study developed and validated a User-Behavior Micro-Segmentation Framework (UBMSF) tailored to the cybersecurity management needs of universities operating in remote and resource-constrained environments. The framework addresses the critical gap between user diversity and institutional cybersecurity strategy by translating empirical behavioral evidence into a structured, adaptive management framework.</p>
                <p>The research demonstrates that effective cybersecurity extends beyond technical solutions; it depends on human capability, usability, and contextual alignment. By adopting micro-segmentation and context-aware design, universities can transform cybersecurity from a compliance challenge into a participatory process that builds user confidence, sustains secure behavior, and strengthens institutional resilience.</p>
            </sec>
        </sec>
    </body>
    <back>
        <sec id="sec41" sec-type="data-availability">
            <title>Data availability</title>
            <p>The datasets generated and analysed during the current study contain sensitive behavioral and cybersecurity-related information collected from participants within higher education institutions. The anonymized data is available for academic and non-commercial research purposes on the online repository &#x2013; Zenodo - 
                <ext-link ext-link-type="uri" xlink:href="https://doi.org/10.5281/zenodo.20523809">https://doi.org/10.5281/zenodo.20523809</ext-link> (
                <xref ref-type="bibr" rid="ref15">Atuhe, A. mike., 2026</xref>).</p>
            <p>Data are available under the terms of the 
                <ext-link ext-link-type="uri" xlink:href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International license</ext-link> (CC-BY 4.0).</p>
        </sec>
        <ref-list>
            <title>References</title>
            <ref id="ref1">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Ajzen</surname>
                            <given-names>I</given-names>
                        </name>
</person-group>:
                    <article-title>The theory of planned behavior.</article-title>
                    <source>

                        <italic toggle="yes">Organ. Behav. Hum. Decis. Process.</italic>
</source>
                    <year>1991</year>;<volume>50</volume>(<issue>2</issue>):<fpage>179</fpage>&#x2013;<lpage>211</lpage>.
                    <pub-id pub-id-type="doi">10.1016/0749-5978(91)90020-T</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref2">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Alsabri</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Al-Hadi</surname>
                            <given-names>M</given-names>
                        </name>
</person-group>:
                    <article-title>The Role of Cybersecurity Awareness in Reducing the Complexity Impact of Authentication Methods on End-Users&#x2019; Behavior.</article-title>
                    <source>

                        <italic toggle="yes">Global Social Science and Humanities Journal.</italic>
</source>
                    <year>2025</year>;<volume>3</volume>(<issue>4</issue>):<fpage>55</fpage>&#x2013;<lpage>65</lpage>.</mixed-citation>
            </ref>
            <ref id="ref3">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Asyrofi</surname>
                            <given-names>MF</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Nugraha</surname>
                            <given-names>IGD</given-names>
                        </name>
</person-group>:
                    <article-title>Cybersecurity Of Work From Anywhere Model For Government: A Systematic Literature Review.</article-title>
                    <source>

                        <italic toggle="yes">International Journal of Electrical, Computer, and Biomedical Engineering.</italic>
</source>
                    <year>2025</year>;<volume>3</volume>(<issue>1</issue>):<fpage>117-141</fpage>&#x2013;<lpage>117&#x2013;141</lpage>.
                    <pub-id pub-id-type="doi">10.62146/ijecbe.v3i1.113</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref15">
                <mixed-citation publication-type="data">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Atuhe</surname>
                            <given-names>AM</given-names>
                        </name>
</person-group>:
                    <data-title>A User-Behavior Micro-Segmentation Framework for Cyber security in Work-From-Home Environments- Dataset.</data-title>[Data set].
                    <source>

                        <italic toggle="yes">Zenodo.</italic>
</source>
                    <year>2026</year>.
                    <pub-id pub-id-type="doi">10.5281/zenodo.20523809</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref4">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Baltuttis</surname>
                            <given-names>D</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Teubner</surname>
                            <given-names>T</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Adam</surname>
                            <given-names>MT</given-names>
                        </name>
</person-group>:
                    <article-title>A typology of cybersecurity behavior among knowledge workers.</article-title>
                    <source>

                        <italic toggle="yes">Comput. Secur.</italic>
</source>
                    <year>2024</year>;<volume>140</volume>:<fpage>103741</fpage>.
                    <pub-id pub-id-type="doi">10.1016/j.cose.2024.103741</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref5">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Donekal Chandrashekar</surname>
                            <given-names>N</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Lee</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Azab</surname>
                            <given-names>M</given-names>
                        </name>

                        <etal/>
</person-group>:
                    <article-title>Understanding user behavior for enhancing cybersecurity training with immersive gamified platforms.</article-title>
                    <source>

                        <italic toggle="yes">Information.</italic>
</source>
                    <year>2024</year>;<volume>15</volume>(<issue>12</issue>):<fpage>814</fpage>.
                    <pub-id pub-id-type="doi">10.3390/info15120814</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref16">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">
                        <name name-style="western">
                            <surname>Ifinedo</surname>
                            <given-names>P</given-names>
                        </name>
                    </person-group>(<year>2020</year>).
                    <article-title>Understanding the influence of usability on cybersecurity compliance behavior</article-title>.
                    <source>Information and Computer Security</source>,<volume>28</volume>(<issue>5</issue>),<fpage>759</fpage>&#x2013;<lpage>773</lpage>.
                    <pub-id pub-id-type="doi">10.1108/ICS-12-2019-0143</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref6">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Kannel&#x00f8;nning</surname>
                            <given-names>K</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Katsikas</surname>
                            <given-names>SK</given-names>
                        </name>
</person-group>:
                    <article-title>A systematic literature review of how cybersecurity-related behavior has been assessed.</article-title>
                    <source>

                        <italic toggle="yes">Information &amp; Computer Security.</italic>
</source>
                    <year>2023</year>;<volume>31</volume>(<issue>4</issue>):<fpage>463</fpage>&#x2013;<lpage>477</lpage>.
                    <pub-id pub-id-type="doi">10.1108/ICS-08-2022-0139</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref7">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Leal Filho</surname>
                            <given-names>W</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Wall</surname>
                            <given-names>T</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Salvia</surname>
                            <given-names>AL</given-names>
                        </name>

                        <etal/>
</person-group>:
                    <article-title>The impacts of the COVID-19 lockdowns on the work of academic staff at higher education institutions: An international assessment.</article-title>
                    <source>

                        <italic toggle="yes">Environ. Dev. Sustain.</italic>
</source>
                    <year>2025</year>;<volume>27</volume>(<issue>6</issue>):<fpage>13973</fpage>&#x2013;<lpage>13999</lpage>.
                    <pub-id pub-id-type="doi">10.1007/s10668-024-04484-x</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref8">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Maalem Lahcen</surname>
                            <given-names>RA</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Caulkins</surname>
                            <given-names>B</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Mohapatra</surname>
                            <given-names>R</given-names>
                        </name>

                        <etal/>
</person-group>:
                    <article-title>Review and insight on the behavioral aspects of cybersecurity.</article-title>
                    <source>

                        <italic toggle="yes">Cybersecurity.</italic>
</source>
                    <year>2020</year>;<volume>3</volume>(<issue>1</issue>):<fpage>10</fpage>.
                    <pub-id pub-id-type="doi">10.1186/s42400-020-00050-w</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref9">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Moustafa</surname>
                            <given-names>AA</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Bello</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Maurushat</surname>
                            <given-names>A</given-names>
                        </name>
</person-group>:
                    <article-title>The role of user behavior in improving cyber security management.</article-title>
                    <source>

                        <italic toggle="yes">Front. Psychol.</italic>
</source>
                    <year>2021</year>;<volume>12</volume>:<fpage>561011</fpage>.
                    <pub-id pub-id-type="doi">10.3389/fpsyg.2021.561011</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref10">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Ndaba</surname>
                            <given-names>NE</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Gedala</surname>
                            <given-names>MN</given-names>
                        </name>
</person-group>:
                    <article-title>Digital transformation challenges in higher education institutions post COVID-19.</article-title>
                    <source>

                        <italic toggle="yes">Corporate Governance and Organizational Behavior Review.</italic>
</source>
                    <year>2024</year>;<volume>8</volume>:<fpage>54</fpage>&#x2013;<lpage>63</lpage>.
                    <pub-id pub-id-type="doi">10.22495/cgobrv8i3p5</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref17">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">
                        <name name-style="western">
                            <surname>Nilup&#x00fa;-Moreno</surname>
                            <given-names>E.</given-names>
                        </name> 
                        <name name-style="western">
                            <surname>Salas-Riega</surname>
                            <given-names>M</given-names>
                        </name>
                    </person-group>(<year>2024</year>).
                    <article-title>Digital fatigue and cybersecurity behavior in remote work environments</article-title>.
                    <source>Computers &amp; Security</source>,<volume>139</volume>,<issue>103676</issue>.
                    <pub-id pub-id-type="doi">10.1016/j.cose.2024.103676</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref11">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Peffers</surname>
                            <given-names>K</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Tuunanen</surname>
                            <given-names>T</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Rothenberger</surname>
                            <given-names>MA</given-names>
                        </name>

                        <etal/>
</person-group>:
                    <article-title>A design science research methodology for information systems research.</article-title>
                    <source>

                        <italic toggle="yes">J. Manag. Inf. Syst.</italic>
</source>
                    <year>2007</year>;<volume>24</volume>(<issue>3</issue>):<fpage>45</fpage>&#x2013;<lpage>77</lpage>.
                    <pub-id pub-id-type="doi">10.2753/MIS0742-1222240302</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref12">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Radha</surname>
                            <given-names>P</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Sayyed</surname>
                            <given-names>N</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Fathima</surname>
                            <given-names>Y</given-names>
                        </name>
</person-group>:
                    <article-title>The new normal: Navigating cyber security challenges in remote work policies.</article-title>
                    <source>

                        <italic toggle="yes">NPRC Journal of Multidisciplinary Research.</italic>
</source>
                    <year>2024</year>;<volume>1</volume>(<issue>8</issue>):<fpage>106</fpage>&#x2013;<lpage>118</lpage>.
                    <pub-id pub-id-type="doi">10.3126/nprcjmr.v1i8.73042</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref13">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Wong</surname>
                            <given-names>MML</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Lau</surname>
                            <given-names>KH</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Chan</surname>
                            <given-names>CWF</given-names>
                        </name>
</person-group>:
                    <article-title>The impacts and success factors of a work-from-home service-learning internship during COVID-19.</article-title>
                    <source>

                        <italic toggle="yes">Journal of Work-Applied Management.</italic>
</source>
                    <year>2021</year>;<volume>13</volume>(<issue>2</issue>):<fpage>284</fpage>&#x2013;<lpage>301</lpage>.
                    <pub-id pub-id-type="doi">10.1108/JWAM-01-2021-0003</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref14">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Yidana</surname>
                            <given-names>P</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Asapeo</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Laar</surname>
                            <given-names>SK</given-names>
                        </name>
</person-group>:
                    <article-title>Challenges facing online teaching and learning in african higher education institutions: Empirical review.</article-title>
                    <source>

                        <italic toggle="yes">European Journal of Open Education and E-Learning Studies.</italic>
</source>
                    <year>2023</year>;<volume>8</volume>(<issue>2</issue>).
                    <pub-id pub-id-type="doi">10.46827/ejoe.v8i2.4974</pub-id>
                </mixed-citation>
            </ref>
        </ref-list>
    </back>
</article>
