There needs to be a consideration of human factors, human-computer interaction (HCI), and complex adaptive capabilities (CAC), when seeking to better integrate activities directed at understanding how to gain acceptance of cyber security precautions from the end user community.
We must consider our approach to cyber security, and leverage best practices of current HCI, human factors, and CAC experiences that will support a shift towards using broad and explicit training and technology in order to reify where you are, why you are where you are, and towards developing a plan of where you might go from here.
Incorporating human factors into your cyber security testing and planning, is using what you know about human behavior, perception, attention, and cognition to create more realistic and valuable scenarios based on the changing work environments. In today’s decentralized environment, this can only be achieved with the use of tools that allow for distributed teams to participate in testing and response to cyber threats.
Designed artifacts (scenarios) can be cyber threat scenarios supported by injects (data points for the scenarios) that will efficiently highlight causal effects uncovering the underlying psychological rationale of users. The scenarios and the effects caused by them highlight the root causes and why employees respond the way they do in the scenarios.
When utilized properly, CAC’s effects may be more revolutionary. A key assumption of CAC is that due to our current organizational structure, leadership style, knowledge, and technology, there are many cyber threats yet to be identified.
These threats may indeed be unknowable in advance no matter how many precautions you take. There are some cyber security experts and senior managers, whose training goes against complexity theory, which leads to ignoring the fact that there are, and will be, unknown variables. These leaders have sub-optimized thinking that will reject this idea on both emotional and financial reasoning.
Tapping Into Your Employees Corporate Wisdom
The success of any cyber security approach is implementation and process change is based on two things: first, on the ability to capture the knowledge of technology independent vulnerabilities or challenges that your employees already know. This knowledge is aware of where current precautions falls short as well as being the first to identify new threats. Tapping into your company’s corporate wisdom is captured using proven techniques such as Thought Leadership Pods, Think Tanks, Delphi research methodology and more
Given the dynamics of system change in the era of rapidly changing technological, an effective cyber security plan will be designed by those who can predict the transformations, changing roles, and the kinds of adaptations employees will create to level-set the new technology and process improvements. The S.M.A.R.T. Platform will help CISO’s, executives, and management design cyber security awareness training that is Systemic…Measurable…Alignable…Relatable…Tailorable
Yes, Our societal changes have created a need for speed. This dynamic challenges’ traditional security process due to the quickening pace and use of technology in our everyday life.
The expectation of speed has led companies to adopt simplification strategies, that attempt to simplify cyber security by converting a dynamic process, that incorporates human factors and technology, into a static environment. Companies are more concerned about economics, efficiency, and profit benefits in every change being made today. This has caused senior management to oversimplify and convert multifaceted, interconnected threats into a discussion around e-mail and web-surfing.
The pace of technological advances and process changes has increased exponentially. Expectations on both technical and non-technical employees has raised the bar for speed of implementation and user-friendly interfaces.
There are many consequences of both the technology and process changes employees are experiencing. The need for cyber security training with an emphasis on how it will affect each employee, the company and their community must be paramount.
Corporate Entrepreneurs get everyone in your company involved and you will stop threats before they happen. Reify- Make something abstract, more concrete and real