Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs. Issue 52 (July 2015)
- Record Type:
- Journal Article
- Title:
- Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs. Issue 52 (July 2015)
- Main Title:
- Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs
- Authors:
- Tsohou, Aggeliki
Karyda, Maria
Kokolakis, Spyros
- Abstract:
- Abstract: Standards and best practices for information security awareness programs focus on the content and processes of the programs, without taking into consideration how individuals internalize security-related information and how individuals make security-related decisions. Relevant literature, however, has identified that individual perceptions, beliefs, and biases significantly influence security policy compliance behavior. Security awareness programs need, therefore, to be aligned with the factors affecting the internalization of the communicated security objectives. This paper explores the role of cognitive and cultural biases in shaping information security perceptions and behaviors. We draw upon related literature from contiguous disciplines (namely behavioral economics and health and safety research) to develop a conceptual framework and analyze the role of cognitive and cultural biases in information security behavior. We discuss the implications of biases for security awareness programs and provide a set of recommendations for planning and implementing awareness programs, and for designing the related material. This paper opens new avenues for information security awareness research with regard to security decision making and proposes practical recommendations for planning and delivering security awareness programs, so as to exploit and alleviate the effect of cognitive and cultural biases on shaping risk perceptions and security behavior.
Highlights: Security literature lacks an examination of cognitive and cultural biases' role. We study how cognitive and cultural biases affect security compliance behavior. Security awareness programs could alleviate the effect of biases. We provide recommendations for security awareness programs towards this goal.
- Is Part Of:
- Computers & security. Issue 52(2015)
- Journal:
- Computers & security
- Issue:
- Issue 52(2015)
- Issue Display:
- Volume 52, Issue 52 (2015)
- Year:
- 2015
- Volume:
- 52
- Issue:
- 52
- Issue Sort Value:
- 2015-0052-0052-0000
- Page Start:
- 128
- Page End:
- 141
- Publication Date:
- 2015-07
- Subjects:
- Information security awareness -- Security policy compliance -- Cognitive bias -- Cultural bias -- Security behavior -- Risk decision-making
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2015.04.006
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 1183.xml