Death by a thousand facts is the title of a recently published academic paper by Geordie Stewart and me. It sets out to examine why mainstream information security awareness techniques have failed to evolve at the same rate as automated technical security controls and to suggest improvements based on psychology and safety science.
Awareness programmes should not simply broadcast facts to an audience in the hope that behaviour might improve. They can be substantially improved with a little analysis and an understanding of the learning points from more mature fields such as safety.
It's an excellent paper, though I have to admit it's largely Geordie's work. He has an excellent knowledge of the application of psychology to analyse and solve security problems in industry. Unfortunately, you have to buy it to read it.

