The Five Pillars of a Cognitive Risk Framework—Part II

Abstract

The purpose of this study is to develop the first cognitive risk framework for cybersecurity to address two narrative arcs in cyber warfare: the rise of the “hacker” as an industry and the “cybersecurity paradox”, namely why billions spent on cybersecurity fail to address semantic cyberattacks. Semantic cyberattacks, also known as social engineering, manipulates human users’ perceptions and interpretation of computer-generated data to obtain non-public confidential data. The cyber battleground has shifted from an attack on hard assets to a much softer target: the human mind. If human behavior is the new and last “weakest link” in the cybersecurity armor, is it possible to build cognitive defenses at the intersection of human-machine interactions? The answer is yes, but the change that is needed requires a new way of thinking about security, data governance and strategy. The concepts referenced in the Cognitive Risk Framework for Cybersecurity (CRFC) are drawn from a large body of research in multidisciplinary topics. Cognitive risk management is a sister discipline of a parallel body of science called Cognitive Informatics Security or CogSec. It is also important to point out as the creator of the CRFC, the principles and practices prescribed herein are borrowed from cognitive informatics security, machine learning, artificial intelligence (AI), and behavioral and cognitive science, among just a few that are still evolving. The Cognitive Risk Framework for Cybersecurity revolves around five pillars: Intentional Controls Design, Cognitive Informatics Security, Cognitive Risk Governance, Cybersecurity Intelligence and Active Defense Strategies and Legal “Best Efforts” considerations in Cyberspace. Complete text of “Cognitive Hack: The New Battleground in Cybersecurity … the Human Mind” is available here: https://www.crcpress.com/Cognitive-Hack-The-New-Battleground-in-Cybersecurity–the-Human-Mind/Bone/p/book/9781498749817