This paper explores the role of cognitive and cultural biases in shaping information security perceptions and behaviors. We draw upon related literature from contiguous disciplines (namely behavioral economics and health and safety research) to develop a conceptual framework and analyze the role of cognitive and cultural biases in information security behavior. We discuss the implications of biases for security awareness programs and provide a set of recommendations for planning and implementing awareness programs, and for designing the related material.
Aggeliki Tsohou, Maria Karyda, and Spyros Kokolakis. Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Computers & security, 52:128–141, 2015. doi:10.1016/j.cose.2015.04.006.
@article{tsohou_analyzing_2015,
author = {Tsohou, Aggeliki and Karyda, Maria and Kokolakis, Spyros},
doi = {10.1016/j.cose.2015.04.006},
journal = {Computers \& security},
pages = {128--141},
shorttitle = {Analyzing the Role of Cognitive and Cultural Biases in the Internalization of Information Security Policies},
title = {Analyzing the Role of Cognitive and Cultural Biases in the Internalization of Information Security Policies: Recommendations for Information Security Awareness Programs},
volume = {52},
year = {2015}
}