Home to Geordie Stewart's blog on information security awareness, risk communication and security ethics.

Risk Intelligence
Information Security Awareness

Criminals and Moral Codes

Rumor Has IT – Fake News and Cyber Security

Five Minutes With Lance Spitzner

Security Awareness Tips From A Social Engineer

The Craziest Information Security Stories of 2016

7 Habits of Highly Successful Security Policies

Keeping IT Simple

Polluting The Privacy Debate

About this blog

Martin Luther King said ‘I have a dream’, not ‘I have a plan’

– Simon Sinek

Engaging end users using marketing, psychology and safety theory.

Popular posts

Getting Permission To Use HaveIBeenPwned From Your Legal Dept
4th April 2018
The Craziest Information Security Stories of 2017
4th January 2018
Rumor Has IT: How Fake News Damages Cyber Security
7th June 2017
The Craziest Information Security Stories Of 2016
11th February 2017

About Geordie Stewart

Geordie Stewart, MSc, CISSP, is an international speaker and keen innovator in the area of technology risk communication.

His award-winning master's thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA, he challenges conventional thinking on risk culture and communication.

In addition to senior security management roles in large UK organisations, Geordie writes the security awareness column for the ISSA international journal.


Awareness Blog


Bounded Rationality

Are humans rational? When we see computer users do silly things which place themselves or their information at risk, it's easy to take the view that people are illogical. The problem is that logic can’t be examined separately from perception.

There is significant debate within psychology literature as to the extent to which humans can be described as rational. Rationality is sometimes described as the ability for individuals to select the “best” option when confronted with a set of choices. The best option is also referred to as a “value maximising” option when the most benefit is obtained for the least expenditure of resources or exposure to risk.

The problem is that people routinely fail to select a “value maximising” option and exhibit apparently illogical behaviour. Commonly, an option mathematically modelled as the best choice by the technical experts isn’t the option chosen by information system users when responding to risk.

Blog, Risk Psychology, Security Economics | By rskadmin

Mental Models

One of the problems with the current approach to information security awareness is that methodologies such as ENISA are detailed about the logistics of planning security awareness but don’t have much to say about the content of security awareness.

So, how would you determine what information an audience needs to know so that they can manage the risks they face? Mental models offer a structured way of approaching risk communications rather than just “broadcasting facts”.

A mental model is a pattern of understanding held by an individual. It consists of what beliefs they hold, the strength of those beliefs and the connection between beliefs. Safety experts note that when risk communication takes place the audience will have some degree of pre-existing knowledge which forms their mental model:

“…for most risks, people have at least some relevant beliefs, which they will use in interpreting the communication. They may have heard some things about the risk in question. It may remind them of related phenomena.” (Morgan et al 2002)

Blog, Mental Models | By rskadmin
Copyright © 2015 Risk Intelligence Ltd.