Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs

“…Moreover, some people may in fact doubt their self-efficacy in that they are unequipped to handle security related issues. Tsohou et al (2015) claim that these factors come as a result of "cognitive and cultural biases" that people may have, based on their personal beliefs and experiences.…”

“…This affects both how people regard security in general, as well as how they will respond to security training (Beris et al, 2015). Tsohou et al (2015) provide an aggregated list of factors that have been mentioned in extant literature to affect security policy compliance. Seemingly, there are several factors to consider other than just awareness.…”

“…Behaviour change is a precarious subject and is actually more a case of psychology than of security itself (Tsohou et al, 2015;Bada et al, 2015). The first thing to acknowledge is that people are different and somewhat unpredictable.…”

Gamification of Information Security Awareness and Training

“…Moreover, some people may in fact doubt their self-efficacy in that they are unequipped to handle security related issues. Tsohou et al (2015) claim that these factors come as a result of "cognitive and cultural biases" that people may have, based on their personal beliefs and experiences.…”

“…This affects both how people regard security in general, as well as how they will respond to security training (Beris et al, 2015). Tsohou et al (2015) provide an aggregated list of factors that have been mentioned in extant literature to affect security policy compliance. Seemingly, there are several factors to consider other than just awareness.…”

“…Behaviour change is a precarious subject and is actually more a case of psychology than of security itself (Tsohou et al, 2015;Bada et al, 2015). The first thing to acknowledge is that people are different and somewhat unpredictable.…”

Gamification of Information Security Awareness and Training

“…Alternatively, organizations can implement role-based access control policies that describe viable user accounts in terms of interdependences and relationships with other data sources [13]. However, some research results show that security policy that is based on monitoring alone is far from ideal in fostering users to comply with security procedures [6].…”

“…Moreover, the lower-levels employees should be involved in the formulation of the information security policies as stakeholders in this process [5]. HR and IT must collaborate on the internal policy guidelines that define authorization and responsibility issues [13]. Information security knowledge sharing, positive collaboration and adoption of training methods within the organization are pivotal to the success of the process and strongly affect the attitudes and awareness of employees towards organizational security policies and procedures.…”

Reshaping Organizational Security Policy upon Corporate Mobile Users

A Review on Phishing—Machine Vision and Learning Approaches