I go slightly further and think that a key part of a security practitioner's professional knowledge should be about human psychology and sociology, how behaviour is influenced. I believe we need to know this from two aspects:
First, we need to understand how our principals are influenced by non-technical and non-business matters, the behavioural persuasive techniques used on them (and us) by vendor salesmen and the media. Many workers complain that their managers, their executives seem to go off at a tangent, ignore "the facts". We speak of decisions driven by articles in "glossy airline magazines" and by often distorted cultural myths. "What Would the Captain Do?", or Han Solo or Rambo might figure more than "What Would Warren Buffett Do?" or "What Does Peter Drucker Say About A Situation Like This?". We can only be thankful that most of the time most managers and executives are more rational than this, but even so ...
It is not only our principals who are influenced and manipulated, and it is not only a matter of 'self-deception'. Outside influences come into play at all levels. As InfoSec practitioners we expect to see this with malicious "social engineering" of various forms, but there are also the more classical types of social engineering by government. Many pundits are saying that the governmental shills who are crying "Cyberwar" have another agenda, that China as a nation is no more our enemy now than it was ten or twenty years ago, and that there are as many 'rogue' hackers and malware writers and script-kiddies in the West who are attacking banks and military establishments. The Internet abolishes distance and makes anonymity easy. Not all of the hue and cry is going to be objective, and we need to understand the methods by which we are being manipulated if we are to address matters rationally.
The second aspect is one that many might object to. We need to understand human psychology and sociology since we need to use these techniques ourselves. This isn't, as some would see it, lowering ourselves to the level of the 'hackers'. In order to retain our ethical position we need to do our jobs to the best of our ability, and that includes having good communication and presentation skills.
Rebecca Herold has some excellent articles on why failing to have an effective security awareness program is irresponsible. Implicit in that is that it is irresponsible to fail to understand the techniques of mass communication and persuasion that are necessary to meet this objective.
This applies on the individual level as well. Part of our job is to communicate to management about risk and controls, to make them aware enough to recognise the necessity of action - either budgeting for the controls or clearly and personally accepting the risk. We need to make it clear and be persuasive so that there is no wriggle-room. Some large organizations have sales training courses. Independent organizations also run such courses. Staff that have gone through these courses learn techniques of persuasion with the objective of 'making sales' for products. Most of us are in the business of 'selling concepts', so we need to have these techniques.
I've seen mention of persuasive techniques in presentation being part of the CBK of other engineering disciplines - I'll have to look that up and write further on it. If anyone knows of one such I'd appreciate a mention.
I'm terming all this "The 11th Domain" since the CISSP CBK has ten domains and this one deals with a "technology" that is quite different from the "technology" and matters of the others.
Bill Murray has objected to my use of the term 'social engineering'. He believes that the black hats invented that term; I disagree, I think it long pre-dates them and that, for example, governments practice 'social engineering' with policy about taxation and 'projects'. Here is a sample of a review of the book mentioned which expands on this.
Scientists have been studying the factors that drive and influence decision making and behavior for hundreds of years. There are scientists who specialize in these factors, such as environment (heat, cold, pain) and biology (genetics, neuroscience). Because information security practitioners cannot really manipulate these factors for benefit in awareness, this chapter focuses on the works of a group of scientists called social psychologists, who have collected a wonderful body of knowledge that we can directly apply.
Some individuals often doubt scientific knowledge and bemoan the lack of applicability in real life. Basically, is what social psychologists know of value (especially to information security practitioners)? The good news is that the social psychologists' findings have been widely known, accepted, and applied for years by a variety of different groups and people to great effect. Examples include political campaigns, activists, and sales people. However, social psychologists' knowledge of human behavior has been most effectively exploited in the field of advertising to persuade people to buy goods that, in many cases, people do not need. There is no reason why these same principles cannot be used to make security awareness programs more effective. After all, if people can be persuaded to buy a plastic singing fish for $29.95, they should be even more receptive to information that can actually benefit them, such as keeping their passwords secret.
- Social Psychologists Espouse Tolerance and Diversity - Do They Walk the Walk? (psychologicalscience.org)
- Liberals Admit to Discriminating Against Conservative Academicians (reason.com)
- Changing the game of UX - Persuasion Profiling (slideshare.net)
- TV - A Weapons of Mass Persuasion ~ The Truth About Television (fromthetrenchesworldreport.com)
Posted by Anton Aylward
I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity