Showing posts with label Behavioural Sciences.

Wednesday, 11 September 2024

Behavioural Security

We readily acknowledge that humans are the weakest link in the security chain. 

BUT, people do not want to be conned. NO ONE ever said, "It's OK to get conned. What's the issue?"

So, why are they the weakest link? 


I have been thinking about this very deeply. 

In one line, it's simply that security has been projected as this esoteric discipline (rocket science) instead of being made a natural, everyday thing to do.

The second is that the approach to security in human behaviour has been directive - Do this, Don't do this, be Scared of this... 

This is never a good approach to take in behavior change. 


Presenting a new discipline: Behavioural Security - the discipline that focuses on understanding human behaviour and creating models of change that lead to safer behaviour. Much like any other change management.


Why do we need an entirely new discipline for this? For the simple reason that there is plenty of work to be done. 

I created one video to make it easy to create a complex password that is also easy to remember. And then it hit me - Why do we make it so hard for normal people? You are told to change your password once a month, to make it Greek and Latin, but no one tells you HOW to do it!

The education is largely directive, the verbiage fear-inducing rather than supportive. 

But the worst thing is the victim shaming. NO ONE wants to be duped. And yet, after every single episode, the victim is made to feel like a culprit. 


For far too long, companies and governments have focused on the tech side of cyber security - bounty hunting programs, firewalls and AVs, zero-day vulnerability assessments, VAPT... even the OWASP Guides and Top 10 are all tech. They do not focus on human-centric security design. It is time to change that.


So, let's get the work started! Let's research, create experimental models of change, verify those models, and end the era of humans being the weakest link in the chain. We are smart enough to deserve better. 


Friday, 26 May 2023

How to Join an Existing Group

Tuckman's 5 Stages of Group Formation (Forming, Storming, Norming, Performing, Adjourning) are well known.


But how does one get inside a group? What are the stages of joining a group?

Stage 1: At this stage, one or perhaps two members of the group know you. If they like you, you are invited if there are places to fill and someone is needed. Example: Stuart in 'The Big Bang Theory'.

Stage 2: At this stage, you are invited, but your absence leaves a void the size of a pailful of water from the river. In short, your company is enjoyed, but your absence is not particularly missed.

Stage 3: At this stage, plans are made keeping your calendar constraints in mind. If you don't turn up, it doesn't feel like 'fun' to others. You are missed.

How does one move from Stage 1 to Stage 3? It is as simple as 1-2-3.

> Pay Attention
Pay attention to people. Listen. Understand them. Truly. They are humans. Before acting, watch and understand the group norms, communication style, and patterns.

> Show Up
Showing up is 50% of the work done. Just showing up is very important. Make time for this group. Make them a priority.

> Be Consistent and Be You
Getting into the group might take initiative and action, but remaining in it takes just honesty and consistency.