Human factors in cybersecurity remain conceptualized as static, isolated vulnerabilities, lacking systematic modeling and empirical validation. Method: This paper introduces the first dynamic, multidimensional human-factor cybersecurity framework, integrating a cognitive-affective-behavioral model with attribution theory to systematically identify 50 human factors and 295 interaction mechanisms, and to formally define 12 types of human-factor interactions. Leveraging systematic mapping analysis and empirical psychometrics, we develop a psychometric toolkit comprising 99 actionable metrics. Contribution/Results: The framework enables a paradigm shift from static trait-based perspectives to dynamic systems thinking. It yields three applied outputs: (1) a human-risk diagnostic protocol, (2) evidence-based security training guidelines, and (3) human-centered interface design principles. This work establishes a unified theoretical foundation and engineering-ready infrastructure for human-centric cybersecurity research and practice.

Current cybersecurity research increasingly acknowledges the human factor, yet remains fragmented, often treating user vulnerabilities as isolated and static traits. This paper introduces MORPHEUS, a holistic framework that operationalizes human-centric security as a dynamic and interconnected system. Grounded in the Cognition-Affect-Behavior (CAB) model and Attribution Theory, MORPHEUS consolidates 50 human factors influencing susceptibility to major cyberthreats, including phishing, malware, password management, and misconfigurations. Beyond factor identification, the framework systematically maps 295 documented interactions, revealing how cognitive, emotional, behavioral, and socio-organizational processes jointly shape security outcomes, and distills them into twelve recurring interaction mechanisms. MORPHEUS further links theory to practice through an inventory of 99 validated psychometric instruments, enabling empirical assessment and targeted intervention. We illustrate the framework's applicability through concrete operational scenarios, spanning risk diagnosis, training, and interface design. Overall, MORPHEUS provides a rigorous yet actionable foundation for advancing human-centered cybersecurity research and practice.