Behavioral Economics Sightings in Information Security

Below is a list of resources I am aware of exploring the intersection of behavioral economics and information security. If you are aware of others, please leave a comment.

Website: Applying Behavioral Economics to Harden Cyberspace
Paper: Information Security: Lessons from Behavioural Economics
Paper: Using Behavioural Insights To Improve the Public’s Use of Cyber Security Best Practices …

Cyber Security Lessons From Behavioral Economics

In this series, I am exploring the intersection of information security and behavioral economics. As a long-time information security person who recently began studying behavioral economics, I’ve come to realize that much of traditional information security programs are built using standard economic models. For example, the Simple Model of Rational Crime (SMOC) has implicitly …

Cyber Security and Behavioral Science

I recently read a post about improving security awareness using lessons from behavioral science. The field of behavioral economics and its intersection with information security has been a growing interest of mine, and the post I mentioned inspired me to start a series of posts, starting with this one, on the myriad opportunities there are …

Game Theory, Behavioral Economics and Anti-Virus

The information security community continuously laments the ineffectiveness of anti-virus lately. Report after report indicates that AV catches only between 5% and 55% of malware. Can any organization justify the cost for such a generally ineffective control? Symantec itself has even stated that the usefulness of AV is waning. However, when the bill comes for …

Behavioral Economics and Information Security

I recently finished reading Dan Ariely’s “Predictably Irrational” book series about behavioral economics and the impacts of cognitive biases on behaviors and decision making. The lessons from behavioral economics seem, to me at least, to have significant implications for information security. I was a bit surprised at the apparent lack of study around this linkage. …

Thank you and My #infosec Hopes For 2019

I already published my ground-breaking infosec predictions for 2019, but I also want to say thank you to all the great people that I’ve had the privilege to work with and have met, even if only through social media. I appreciate every one of you. One of the things that I’ve come to learn about …

Assessing Risk Assessments

I recently finished listening to the book titled “Suggestible You”. The book is fascinating overall, but one comment the author made repeatedly is that the human brain is a “prediction machine”. Our brains are hardwired to make constant snap predictions about the future as a means of surviving in the world. That statement got me …

Differentiating IT Risk From Other Business Risk

It’s often said that IT risk is just another type of business risk, not different than the risk of hiring a new person, or the risk of a new product or a new acquisition. I recently listened to the audiobook “The Undoing Project”, which is the story of Amos Tversky and Daniel Kahneman and their …

Why Putting Tape Over Your Webcam Might Make Sense

I will admit that I roll my eyes, even if it is only on the inside sometimes, when I see people with tape or some other device covering the webcam on their laptop. My self-righteous logic goes like this: most people I interact with are using the computers I see them using for business …