Abstract

Consistent flaws are revealed in post-incident reviews of security failures and in ongoing reviews of security processes. These flaws include the math and methods used, insufficient situational awareness, overlooked systems mechanics, and missed root causes. Yet many security teams are composed of bright, diligent, and dedicated professionals. How could they make such big mistakes? Simple: by being vulnerable to their own brains. It’s about brain science. Cognitive bias and structural blindness are the human condition. Brains must be trained to overcome our own vulnerabilities, much as a martial artist builds speed. This training is entirely different from checklists, intrusion prevention systems, or mandatory security awareness videos. Yes, errors in typical security methods have wasted untold hours of human labor and mountains of money. The good news is that we security pros are not alone: professionals in other fields have been exploring ways to help our brains see bigger and better for decades. Our opportunity is to bring this into security. Decades of research and proven practice are adapted to tech-related risk in a “dual cycle” approach. The first cycle, the “5 + 2 Step Cycle for Managing Risk to Performance,” is about substantive improvements in the management of risk. The second cycle is about “making change stick” by integrating the substantive change with an organizational change/transformation method.
