Information Security Forum Examines Human-Centered Security in Latest Digest
By: Information Security Forum
ISF research has found that errors and manipulation now account for the majority of security incidents. By helping staff understand how psychological vulnerabilities can lead to poor decision making and errors, organizations can manage risk. To support global organizations, the ISF announces the release of Human-Centred Security: Addressing Psychological Vulnerabilities, which helps security professionals understand how psychological vulnerabilities in humans can lead to errors in decision making, identify the methods and techniques attackers use to exploit those vulnerabilities, and manage them to improve information security.
"Human-centred security starts by acknowledging that humans have psychological vulnerabilities that may impact decision making," said Steve Durbin, Managing Director, ISF. "During interactions with technology, controls and data, employees may make errors that lead to security incidents, negatively impacting the organization. By understanding what triggers human error and the psychological methods attackers use to manipulate targets, organizations can improve security awareness and design controls to account for human behavior, enabling them to mitigate the risk of human error."
Organizations that are already taking a human-centred approach to information security typically spend extended periods of time observing human interaction with technology, controls and data to identify which specific cognitive biases are triggered and to understand why. This enables effective and targeted investment in human-centred security improvement programs that prioritize the highest-risk areas. There is, however, insufficient good practice to identify which solutions merit more investment than others, so the choice will depend on the organization, the specific human vulnerabilities that lead to errors in decision making, and the most common types of attacks.
"By discovering the cognitive biases, behavioral triggers and attack techniques that are most common, tailored psychological training can be introduced into an organization's awareness campaigns," continued Durbin. "Once information security is understood through the lens of psychology, organizations will be better prepared to manage and mitigate the risks posed by human vulnerabilities. Human-centred security might just help organizations transform their weakest link into their strongest asset."
Human-Centred Security: Addressing Psychological Vulnerabilities is available now to ISF Member companies via the ISF website (http://www.securityforum.org/).
About the Information Security Forum
The Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The ISF is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members. For more information, please visit https://www.securityforum.org/