Transcript
![Page 1: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/1.jpg)
THE ART OF EXPLANATION
![Page 2: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/2.jpg)
![Page 3: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/3.jpg)
What is behavioral economics?
![Page 4: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/4.jpg)
Cognitive biases
![Page 5: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/5.jpg)
Common complaints about infosec
![Page 6: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/6.jpg)
My goal
![Page 7: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/7.jpg)
What will I cover?
![Page 8: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/8.jpg)
![Page 9: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/9.jpg)
Prospect theory
![Page 10: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/10.jpg)
Core tenets of Prospect Theory
![Page 11: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/11.jpg)
Offense vs. Defense
![Page 12: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/12.jpg)
InfoSec reference points
![Page 13: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/13.jpg)
Implications of reference points
![Page 14: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/14.jpg)
Prospect theory in InfoSec
![Page 15: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/15.jpg)
What are the outcomes?
![Page 16: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/16.jpg)
Incentive problems
![Page 17: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/17.jpg)
![Page 18: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/18.jpg)
Time inconsistency
![Page 19: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/19.jpg)
Time inconsistency in InfoSec
![Page 20: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/20.jpg)
InfoSec as a public good?
![Page 21: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/21.jpg)
What could this mean?
![Page 22: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/22.jpg)
Dual-system Theory
![Page 23: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/23.jpg)
Dual-system theory
![Page 24: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/24.jpg)
Dual-system theory in InfoSec
![Page 25: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/25.jpg)
What about groups?
![Page 26: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/26.jpg)
Group vs. Individual Biases
![Page 27: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/27.jpg)
Potential risks of groups
![Page 28: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/28.jpg)
So, what do we do about it?
![Page 29: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/29.jpg)
Improving heuristics: industry-level
![Page 30: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/30.jpg)
Changing incentives: defender-level
![Page 31: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/31.jpg)
Leveraging attacker weaknesses
![Page 32: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/32.jpg)
How to promote System 2
![Page 33: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/33.jpg)
Other ideas
![Page 34: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/34.jpg)
Conclusion
![Page 35: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/35.jpg)
Final thoughts
![Page 36: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/36.jpg)
Further research
![Page 37: The Art of Explanation: Behavioral models of infosec](https://reader033.vdocuments.mx/reader033/viewer/2022051709/58746d841a28abab198b8a91/html5/thumbnails/37.jpg)
Questions?