Exam section A - Question 3 Flashcards
Hyperbolic discounting
refers to the tendency for people to increasingly choose a smaller-sooner reward over a larger-later reward as the delay occurs sooner rather than later in time.
Optimism bias
(also known as unrealistic or comparative optimism) is a cognitive bias that causes a person to believe that they are at a lesser risk of experiencing a negative event compared to others.
Psychologists can introduce cultural/behavioural shifts toward higher security on individual/collective levels in what 5 ways?
- Exploring perceptions of risk and reward
- Identifying patterns of criminal/malicious activity
- Advising legislators/steering groups on social impact of cyber-crime
- Raising public awareness of cybersecurity risks
- Understand impact of cyber-crime on victims' behaviour through the stages of victimisation
Point 1 - Exploring perceptions of risk and reward
Identify social situations in which individuals have a higher tendency to discount risk of sharing private information - social media/casual conversation
Point 2 - Identifying patterns of criminal/malicious activity
Interacting with tech providers to develop security systems capable of detecting such activities
Point 3 - Advising legislators/steering groups on social impact of cyber-crime
To increase legislation to a comparable level to non-virtual crimes, and encourage uniform legislation between countries, as unequal legislation is a major factor in hindering the fight against cyber-crime
Point 4 - Raising public awareness of cybersecurity risks
Through mainstream media/social networks (as opposed to journal articles) so that people adjust their behaviour toward privacy
Point 5 - Understand impact of cyber-crime on victims' behaviour through the stages of victimisation
Focus on the symptoms and outputs of the preliminal (separation), liminal (transitional), and post-liminal (incorporation) stages of victimisation
Accidental insider
No malicious intent
Transgress through misjudgement, ignorance, lack of knowledge
3 causes of accidental insider cyber-security breaches
Lack of understanding about the importance of data, software, and systems
Ignorance about level of risk attached to assets for which they have direct responsibility
Lack of understanding of how their behaviour could be putting the same asset at risk
Insider threat: Malicious intent (4) (MNEMONIC: LENS)
Lack of social skills and isolation
Ethical flexibility
Negative life experiences
Sense of entitlement
Insider threat: Personality traits (9) (MNEMONIC: MAIL LEERS)
Manipulative
Amoral and unethical
Immaturity
Lacks conscientiousness
Low self-esteem
Emotionally unstable
Evidence of underlying psychopathy or personality disorder
Restless & impulsive
Superficial
Insider threat can also be as a result of environmental factors such as (2)
Lifestyle changes
Circumstantial vulnerabilities
Insider threat: psychological factors (5) (MNEMONIC: PEERS)
Poor work attitude
Exploitable/vulnerable lifestyle
Exploitable/vulnerable work profile
Recent negative life events
Signs of stress
Accidental/unintentional insider: Threat as a result of
Human failure/limitations of human performance
Mistakes can occur for the accidental insider through what 4 things:
Pressure of the job
Task difficulty
Lack of knowledge
Cognitive factors: Inattention
4 examples of unintentional insider threat
Disclosure of sensitive information
Devolving of log-in details
Improper disposal of physical records
Loss of information through misplacement of portable devices
Underlying human factors which could influence cyber-security
1 - Social/peer pressure - adherence to policies
2 - Positive cyber-security of peers/superiors leading to increased cyber-security posture of other organisation members
3 - Self-efficacy, as lack of awareness of security policies means people cannot align to them, thus making errors (for example, not knowing how to encrypt files)
5 tests:
Domain-specific risk-taking scale
General decision-making style
Need for cognition
Barratt impulsiveness scale
Consideration for future consequences
5 x Personality traits which would make a person more likely to positively engage in effective cybersecurity
Conscientiousness
Agreeableness
Openness
Risk-averse
Rational