MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity

TL;DR

MORPHEUS is a comprehensive framework that models human factors in cybersecurity as a dynamic system, integrating theory, empirical tools, and practical scenarios to improve understanding and mitigation of human vulnerabilities.

Contribution

It introduces MORPHEUS, a novel multidimensional framework that consolidates human factors, interaction mechanisms, and assessment tools for human-centric cybersecurity.

Findings

Mapped 295 interactions among human factors

Identified 12 recurring interaction mechanisms

Linked theory to practical assessment tools

Abstract

Current cybersecurity research increasingly acknowledges the human factor, yet remains fragmented, often treating user vulnerabilities as isolated and static traits. This paper introduces MORPHEUS, a holistic framework that operationalizes human-centric security as a dynamic and interconnected system. Grounded in the Cognition-Affect-Behavior (CAB) model and Attribution Theory, MORPHEUS consolidates 50 human factors influencing susceptibility to major cyberthreats, including phishing, malware, password management, and misconfigurations. Beyond factor identification, the framework systematically maps 295 documented interactions, revealing how cognitive, emotional, behavioral, and socio-organizational processes jointly shape security outcomes, and distills them into twelve recurring interaction mechanisms. MORPHEUS further links theory to practice through an inventory of 99 validated psychometric instruments, enabling empirical assessment and targeted intervention. We illustrate the framework's applicability through concrete operational scenarios, spanning risk diagnosis, training, and interface design. Overall, MORPHEUS provides a rigorous yet actionable foundation for advancing human-centered cybersecurity research and practice.