InfoSec Seminar: The Behavioural Security Grid (BSG) Risk and Emotion

Speaker: Odette Beris

Date/Time: 27-Aug-2015, 15:00 UTC

Venue:

Details

 

Abstract 

We introduce a new methodology for identifying the factors that drive employee security behaviors in organizations, based on a well-known paradigm from psychology, the Johari Window. An analysis of 93 interviews with staff from 2 multinational organizations revealed that security behavior is driven by a combination of risk perception and emotional stance towards security policy.  Furthermore, we found that a quantitative analysis of these dimensions is capable of differentiating between the staff populations of the two organizations. Organization B showed a healthier set of security behaviors, as a result of its employees having better risk understanding and a more positive emotional stance. The framework distinguishes between 16 theoretical behavioral types, (3 of which are rule breakers, excuse makers and security champions).  It can be used to identify groups of employees that potentially pose a risk to the organization, as well as those with beneficial skills and expertise. This allows highly specific messages to be targeted to change the risk perception and emotional stance of such groups.  Assuming the organization has ensured security hygiene (i.e. its policies can be complied with in the context of productive activity), this can shift behavior towards compliance.  Our framework thus offers diagnostic and intervention-shaping tools for the next step in improving security culture. Based on a paper with Adam Beautement and Angela Sasse.

 

 

Bio

Odette Beris is a Research Student at UCL, her research focuses on the behavioural aspects of information security, risk perception and emotion. She is a Chartered Psychologist and Associate Fellow of the British Psychological Society. Her professional background is as an organisational psychologist, where she worked for several years as independent psychologist across business and in-house at the BBC.  She holds an MA in Intelligence and International Security from King's College London and an MSc in Organisational Psychology from City University.

 

 

This page was last modified on 27 Mar 2014.