Death by a thousand facts

| No Comments
| More

Death by a thousand facts is the title of a recently published academic paper by Geordie Stewart and me. It sets out to examine why mainstream information security awareness techniques have failed to evolve at the same rate as automated technical security controls and to suggest improvements based on psychology and safety science.

Awareness programmes should not simply broadcast facts to an audience in the hope that behaviour might improve. They can be substantially improved with a little analysis and an understanding of the learning points from more mature fields such as safety.  

It's an excellent paper though I have to admit it's largely Geordie's work. He has an excellent knowledge of the application of psychology to analyse and solve security problems in industry. Unfortunately you have to buy it to read it.  

Enhanced by Zemanta

Leave a comment

About this Entry

This page contains a single entry by David Lacey published on December 22, 2015 3:36 PM.

In praise of the Digital Catapult was the previous entry in this blog.

Find recent content on the main index or look in the archives to find all content.



-- Advertisement --