We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHannah Gunn
Modified over 3 years ago
1/36 Copyright © 2008 M. E. Kabay. All rights reserved. Social Psychology & INFOSEC ISSA Baltimore Chapter July 23, 2008 M. E. Kabay, PhD, CISSP-ISSMP CTO & MSIA Program Director School of Graduate Studies, Norwich University mailto:email@example.com:firstname.lastname@example.org V: 802.479.7937
2/36 Copyright © 2008 M. E. Kabay. All rights reserved. Topics in CSH4 Ch 35* Rationality is Not Enough Getting Your Security Policies Across Encouraging Initiative Group Behavior _________ * NOTES: 1)Detailed, narrated lectures on organizational psychology are available from the MSIA program at http://www2.norwich.edu/mkabay/msia/public/index.htm as a complete lecture (15.7MB Zipped) or in parts. 2) This presentation goes beyond Chapter 35 of the Computer Security Handbook, 4 th Edition in some respects.
3/36 Copyright © 2008 M. E. Kabay. All rights reserved. Rationality is Not Enough Peoples behavior includes much more than logic and reason The Schema Theories of Personality Attribution Theory Social Cognition: Forming Judgments Intercultural Differences Framing Reality
4/36 Copyright © 2008 M. E. Kabay. All rights reserved. The Schema Cognitive framework What allows observations to make sense We interpret observations in context Imagine that your colleague appears at work dressed like this: But what if your colleague is at the company swimming pool? Results in radically different interpretation from schema for the business meeting.... In security, schema for normal politeness conflicts with schema for secure behavior
5/36 Copyright © 2008 M. E. Kabay. All rights reserved. Theories of Personality Interpersonal conflicts can interfere with security policy Beware rigid categories for framing behavior in terms of fixed personality patterns Extroversion / agreeableness etc. Especially important not to value one personality style above another People of all styles can contribute constructively to organization Perceptions and expectations account for many conflicts Role-playing exercises very helpful Listen carefully to peoples expressions of feelings as well as of opinions
6/36 Copyright © 2008 M. E. Kabay. All rights reserved. Attribution Theory (1) How people explain their own and others' behavior Weiner's classification: StableUnstable Internal External Dispositions; traits; level of ability or intelligence Effort; mood; physical state Good/bad luck; opportunity; transient situations Degree of task difficulty; env helps/hindrance
7/36 Copyright © 2008 M. E. Kabay. All rights reserved. Attribution Theory (2) How we explain behavior Fundamental Attribution Error Star Trek's Leonard Nimoy is really like the character he portrays (Mr Spock) Actor-Observer Effect What I do is a reasonable response to the situation but what you do is in your nature Salience What stands out is perceived as most important even if it isn't
8/36 Copyright © 2008 M. E. Kabay. All rights reserved. Attribution Theory (3) Self-Serving Bias If I succeed it's because of how good I am, but if I lose it's not my fault Self-Handicapping If I expect to fail I'll make sure there's a good excuse Depressed People If I lose it's because of how bad I am, but if I succeed it's not to my credit
9/36 Copyright © 2008 M. E. Kabay. All rights reserved. Attribution Theory: Implications Leader and others: remember not to pigeon- hole someone E.g., Hes always _______ Reverse situation – think about explanations for perplexing or objectionable behavior If I were behaving that way, it would be because __________ Challenge unthinking reliance on salience – question assumptions about causality Why should the fact that he limps make a difference to _________?
10/36 Copyright © 2008 M. E. Kabay. All rights reserved. Social Cognition: Forming Judgements 1.Schemas influence perception 2.Decision-making usually includes only a small subset of available information 3.Language influences perception 4.Reasoning is only a small part of forming judgments or opinions
11/36 Copyright © 2008 M. E. Kabay. All rights reserved. Inadequate Sampling Judgments are often based on inadequate samples Early, negative, information weighted heavily The availability heuristic can lead to errors in judgment Whats easy to remember weighs too heavily in decision Anecdotal evidence inappropriately strong
12/36 Copyright © 2008 M. E. Kabay. All rights reserved. Inadequate Sampling (contd) THEREFORE 1.Provide decision makers with powerful arguments first 2.Ensure theres lots of striking, memorable evidence in presentation 3.Explicitly challenge incorrect intuition, preconceptions, conclusions
13/36 Copyright © 2008 M. E. Kabay. All rights reserved. Intercultural Differences International differences can lead to Misunderstandings Conflicts History, interpretation can be different; e.g., Afghani Taliban forced non-Muslims to wear badges in public So how might a particular Hindu refugee from Afghanistan feel in the USA being forced to wear a badge to work? DISCUSS such problems rather than dismissing them
14/36 Copyright © 2008 M. E. Kabay. All rights reserved. Framing Reality Shift perception of reality Expand range of experience Give real-world examples Provide opportunities for role-playing Take time necessary to shift corporate culture Keep security at forefront of awareness Address feelings of participants
15/36 Copyright © 2008 M. E. Kabay. All rights reserved. Getting Your Policies Across: Effective Communication What influences pace of change: Audience/Listener variables Channel variables Communicator/Presenter variables Message variables For narrated lectures on effective communications, see LEADERSHIP parts 3 and 4 on http://www2.norwich.edu/mkabay/msia/public/index.htm
16/36 Copyright © 2008 M. E. Kabay. All rights reserved. Beliefs and Attitudes (1) Belief: cognitive information without affect (feelings) The operators are responsible for tape mounts. Attitude: evaluation or emotional response The */$&/! operators are supposed to be responsible for tape mounts! Cognitive dissonance: incompatible beliefs, attitudes or behavior I am an honest person – but I have taken home three dozen blank CD- RW disks this month from the company stockroom.
17/36 Copyright © 2008 M. E. Kabay. All rights reserved. Beliefs and Attitudes (2) Before attempting to change beliefs and attitudes, study what they are Interviews Focus groups Surveys Use language carefully Positive terms for desired end-point Encouragement is effective Even minor praise, smile can shape beliefs and attitudes* Allow time for change – weeks at least *
18/36 Copyright © 2008 M. E. Kabay. All rights reserved. Beliefs and Attitudes (3) Suggestions for security group: Explore current beliefs and attitudes towards security Identify areas of conflict, negative affect Correct erroneous beliefs fast Explore why some policies are successful Provide consistent pro-security messages to avoid dissonance E.g., managers should not ignore polices Rewards more effective than punishment Encouraging positive attitudes & behavior
19/36 Copyright © 2008 M. E. Kabay. All rights reserved. Prejudice Stereotypes – simple models of others; e.g., racial profiling, assumptions about security officers Roots of prejudice are many – historical, social, familial, psychological, personal Authoritarian personality includes prejudice Minimal-group research – easy to generate inter- group hostility and prejudice simply by grouping Group competition exacerbates prejudice Creating common goals and projects for hostile groups mitigates prejudice Favorable depictions improve inter-group relations
20/36 Copyright © 2008 M. E. Kabay. All rights reserved. Encouraging Initiative Prosocial Behavior Conformity, Compliance and Obedience
21/36 Copyright © 2008 M. E. Kabay. All rights reserved. Pro-Social (Helpful) Behavior Acting helpfully requires 4 steps: Notice problem Need awareness Recognize as emergency Need training Take responsibility for action Need climate for responsible action No worry about looking foolish Decide on action Sound training, good policies
22/36 Copyright © 2008 M. E. Kabay. All rights reserved. Pro-Sociality (2) Bystander Effect Larger groups have slower reaction time Diffusion of responsibility Uncertainty about social climate Counter bystander effect using rewards for responsible behavior E.g., reporting security violations Challenging unbadged strangers
23/36 Copyright © 2008 M. E. Kabay. All rights reserved. Pro-Sociality (3) Cost-benefit analysis Make prosociality low cost / high gain Provide hotline for security violations Allow anonymity in reports Make failing to support policy expensive Personnel policies: clear sanctions Performance review Possible dismissal
24/36 Copyright © 2008 M. E. Kabay. All rights reserved. Conformity, Compliance and Obedience Shift normative values towards goal Express expectation of cooperation – We Group solidarity increases conformity Group exercises, games, teamwork If using contests, mix up the teams Outliers are especially important Both enthusiasts and resisters Norm of reciprocity Give a little, get a little Foot in the door Get a little, get more
25/36 Copyright © 2008 M. E. Kabay. All rights reserved. Group Behavior Social Arousal Locus of Control Group Polarization Groupthink
26/36 Copyright © 2008 M. E. Kabay. All rights reserved. Social Arousal Large groups cause social arousal Increased awareness of self and others Facilitates well-learned habits Interferes with poorly-learned habits Therefore avoid large groups for early security training Provide individualized learning as major tool
27/36 Copyright © 2008 M. E. Kabay. All rights reserved. Locus of Control (1) People work better when they feel in control Able to affect outcomes Considered by decision-makers Listened-to Experimental evidence Teams working in noisy environment Patients in convalescence homes
28/36 Copyright © 2008 M. E. Kabay. All rights reserved. Locus of Control (2) Locus of Control Group 1
29/36 Copyright © 2008 M. E. Kabay. All rights reserved. Locus of Control (3) Locus of Control Group 2 STOP
30/36 Copyright © 2008 M. E. Kabay. All rights reserved. Locus of Control (4) Recovery of elderly patients in nursing home with and without imposition of responsibility
31/36 Copyright © 2008 M. E. Kabay. All rights reserved. Group Polarization Groups take on more extreme positions than any one member would E.g., can decide to take more risks (or fewer) than reasonable Emphasize one-on-one discussions to counter polarization Re-evaluate group decisions after enthusiasm has cooled From http://www.zonaeuropa.com/ 20050312_1.htm Group Polarization in the Blogosphere
32/36 Copyright © 2008 M. E. Kabay. All rights reserved. Groupthink of Irving Janis Desire for social cohesion can lead to flawed thinking Reject contrary evidence Condemn anyone questioning consensus Protect leader against disturbing views Factors increasing likelihood of groupthink Authoritarian leader Pre-existing agenda Rejection of debate Should fight groupthink at all levels Challenger: January 28, 1986
33/36 Copyright © 2008 M. E. Kabay. All rights reserved. Review Questions (1) 1.How does the schema affect information assurance? 2.How can faulty interpretations of personality interfere with IA practitioners ability to work effectively in an organization? 3.How do unsophisticated explanations of behavior interfere with effective security administration? 4.What is meant by making security part of the corporate culture? 5.Discuss three key elements for changing employees schemas to improve receptivity to security policies. 6.Why is it valuable to evaluate current beliefs about security issues (explain with respect to cognitive theory).
34/36 Copyright © 2008 M. E. Kabay. All rights reserved. Review Questions (2) 7.What are the most effective mechanisms for motivating better attitudes toward security and greater compliance with security policies? 8.Analyze the case of the Hersheys Kisses on the keyboard. 9.Name and define the four types of variables affecting the effectiveness of communications designed to change attitudes. 10.Explain how each of the four communications variables can be optimized for effective attitude change in security training. 11.How can one encourage employees to take the initiative in responding to security breaches and reporting questionable behavior?
35/36 Copyright © 2008 M. E. Kabay. All rights reserved. Review Questions (3) 12.How does team spirit influence the work of IA trainers? 13.Why should IA trainers and security personnel pay attention to outliers? 14.How does the norm of reciprocity play a role in security policy efforts? 15.What is the significance of the foot-in-the-door technique for security training and awareness efforts? 16.When should security training be offered to large groups and when to small groups? Why? 17.What is the meaning of locus of control for security efforts? 18.How can one avoid the dangers of group polarization and groupthink in security training and awareness efforts?
36/36 Copyright © 2008 M. E. Kabay. All rights reserved. DISCUSSION
1 Copyright © 2014 M. E. Kabay. All rights reserved. Social Psychology & INFOSEC CSH5 Chapter 50 “Using Social Psychology to Implement Security Policies”
ATS The Art of Tech Support John Abbott College How to Handle Difficult Calls M. E. Kabay, PhD, CISSP Director of Education, NCSA President, JINBU.
1 Copyright © 2004 M. E. Kabay. All rights reserved. Social Psychology & INFOSEC NEW ENGLAND INFORMATION SECURITY GROUP M. E. Kabay, PhD, CISSP.
Managing Conflict and Change
Part 2 Individual Behaviour
Copyright ©2008 Cengage Learning. All rights reserved 1 Chapter 10 Managing Teams Designed & Prepared by B-books, Ltd. MGMT Chuck Williams.
5 | 2Copyright © Houghton Mifflin Company. All rights reserved. Part Three Markets and Consumer Behavior.
Dynamics of Behavior in Organizations
Chapter 12 Understanding Work Teams
Topic – 2 THE PERCEPTION PROCESS. The Nature and Importance of Perception Perception, is a unique interpretation of the situation, not an exact recording.
Psychology: An Introduction Charles A. Morris & Albert A. Maisto © 2005 Prentice Hall Social Psychology Chapter 15.
Management: Arab World Edition Robbins, Coulter, Sidani, Jamali Chapter 1: Introduction to Management and Organizations Lecturer: Amani B AL-Kahtani.
Business Markets and Business Buyer Behavior 6 Principles of Marketing.
SOCIAL PSYCHOLOGY The Best of Both Worlds of Psychology and Sociology.
Social Psychology Chapter 16. Constructing Social RealityThe Power of the SituationAttitudes, Attitude Change, and Action Chapter 16 Preview.
Myers’ EXPLORING PSYCHOLOGY (6th Ed) Chapter 15 Social Psychology Modified from: James A. McCubbin, PhD Clemson University Worth Publishers.
Chapter 3 Individual Differences and Work Behavior
1 12 Implementing Strategy in Companies That Compete in a Single Industry.
PSSA Preparation. Question 1(no calculator) D Question 2 (no calculator)
BUILDING THE CAPACITY TO ACHIEVE HEALTH & LEARNING OUTCOMES
Copyright © 2002 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Social Psychology – Ch 17 Social Influence. Social Psychology Scientific study of the ways that people’s behavior and mental processes are shaped by.
Chapter 14 Social Psychology. Copyright © 1999 by The McGraw-Hill Companies, Inc. 2 Social Cognition Social perception –judgement about the qualities.
Place Slide Title Text Here ©2013 John Wiley & Sons, Inc. All rights reserved ©2013 John Wiley & Sons, Inc. All rights reserved. JOHN R. SCHERMERHORN,
Chapter 18 social psychology1 Chapter 18 Social psychology.
Consumer and Business Buyer Behavior
© 2006 Prentice Hall Leadership in Organizations 14-1 Chapter 14 Ethical Leadership and Diversity.
Organizational Behavior Definition: the study of actions OF PEOPLE at work that affect performance in the workplace. Goal? To explain and predict behavior.
Module 16.1 Perceiving Others. Copyright © Houghton Mifflin Company. All rights reserved Module 16.1 Preview Questions What is social perception?
Copyright © 2011 Pearson Education 2-1 International Business Environments and Operations, 13/e Global Edition Part Two Comparative Environmental Frameworks.
Chapter 5 Transfer of Training
Chapter 8 - slide 1 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Chapter Eight Products, Services, and Brands Building Customer.
Organizational Control and Change chapter eleven.
Chapter 12 Analyzing Semistructured Decision Support Systems Systems Analysis and Design Kendall and Kendall Fifth Edition.
Change management. Housekeeping › mobile phones › break times › toilets › emergencies © smallprint 2.
Chapter 1 Organization Theory and Health Services Management.
Social Psychology Psychology & Religion Dr. Mark King.
1 Chapter 13 Motivation Designed & Prepared by B-books, Ltd. MGMT Chuck Williams.
Mr. Bailey WBL Coordinator How to Ask for a Raise! Show Me the Money! How to ask for a Raise!
1 CREATING A LEARNING ORGANIZATION AND AN ETHICAL ORGANIZATION STRATEGIC MANAGEMENT BUAD 4980.
11 Chapter Motivating and Rewarding Employees Copyright ©2013 Pearson Education, Inc. publishing as Prentice Hall 11-1.
Copyright © 2010 Allyn & Bacon This multimedia product and its contents are protected under copyright law. The following are prohibited by law: any public.
Copyright ©2014 Pearson Education, Inc Chapter 16 Organizational Culture Essentials of Organizational Behavior 12e Stephen P. Robbins & Timothy A.
Your Name Block Date CM2.01 All About Me! 1. UNITA: Personal/Social Development Competency CM02.00: Evaluate positive interpersonal skills in a variety.
1 Chapter 6 Consumer and Business Buyer Behavior.
Social Psychology Social Psychology studies how people think about, influence, and relate to one another. Humans are the most social of the animals (i.e.,
Working with MS-ACCESS IS 240 – Database Management Lecture #2 – Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University
Chapter 18 Social Psychology. The scientific study of how we think about, influence, and relate to one another. social psychology.
Chapter 11 Membrane Structure Essential Cell Biology Third Edition Copyright © Garland Science 2010.
© 2017 SlidePlayer.com Inc. All rights reserved.