Abstract
A major problem in the decision-making process is poor communication regarding threats and risks between information security experts and decision makers. By their nature, experts have a strong interest in operational details and limited insight into the purpose of the organization as they may not fully understand the mission and business. They are overusing System Language and System Thinking. This means they will fail making themselves fully understood by the decision makers, who are therefore not able to make carefully considered riskbased decisions. This paper describes the theory behind the underlying communication problem between information security experts and decision makers and the use of System Language and System Thinking. We questioned 63 participants, observed and analyzed their opinions, and discussed the results. This has led to Lessons Learned for developing a curriculum on Information Security and Privacy Protection (IS&PP) and defining areas for further research.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
