Death by a thousand facts is the title of a recently published academic paper by Geordie Stewart and me. It sets out to examine why mainstream information security awareness techniques have failed to evolve at the same rate as automated technical security controls and to suggest improvements based on psychology and safety science.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Awareness programmes should not simply broadcast facts to an audience in the hope that behaviour might improve. They can be substantially improved with a little analysis and an understanding of the learning points from more mature fields such as safety.
It’s an excellent paper though I have to admit it’s largely Geordie’s work. He has an excellent knowledge of the application of psychology to analyse and solve security problems in industry. Unfortunately you have to buy it to read it.