Cognitive Bias and Security Vulnerabilities: The Psychology of Software Engineering. Neil Dixley.


Cognitive

Security failures are cognitive failures

Two systems, one brain
Automatic, Intuitive, Instinctive, Primary, Rapid, Blind
Considered, Effortful, Focused, Secondary, Slower, Lazy

Cognitive Bias

Anchoring

Loss Aversion

Principle of Authority

Mitigating cognitive failures

Threat Modelling

Check Lists

Security First

Further information
• BBC Horizon – How we really make decisions
• Wikipedia – List of Cognitive Biases
• Cognitive Dissonance – the book
• Cognitive Dissonance – the podcast

Thank you
• Twitter
• Perfect Image