This article contributes to the theory of the human factor in information security by exploring how errors in thinking distort perceptions of InfoSec issues. Besides examples from practice, the author proposes several ideas for mitigating the negative effects of cognitive biases through training.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...