Developing a security-awareness culture – improving security decision making
This paper proposes that creating security aware cultures is dependent on improving how individuals make security decisions. Awareness of our decision-making processes as security practitioners can help us make better decisions in these uncertain conditions and help promote security-aware cultures in our organizations. Key to doing this is in understanding the process of how we really make decisions and what factors in the process may impair our abilities to make good security decisions for our organizations. This paper examines important facets of individual and group decision-making and provides prescriptive guidance on how we may improve the quality of our decision-making processes, leading to better security decisions.