The “streetlight effect”—originally less flatteringly referred to as the “drunkard’s search”—is a form of observational bias. It recognizes our tendency to look for solutions to problems where it’s easiest to find them, such as under a streetlight. In this article, we describe what happened when we set out to deliberately move away from the “streetlight” of traditional approaches to cybersecurity and look more broadly at where solutions might lie. We applied a technique called security dialogues to improve the conversation between security practitioners and organizational staff. We hoped that, if successful, we might also improve security processes and contribute to the development of a stronger security culture.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...