Chapter 35 – Using Social Psychology to Implement Security Policies
M. E. Kabay, PhD, CISSP
Chapter Contents:
35.1 Introduction
35.2 Rationality is not Enough
35.2.1 The Schema
35.2.2 Theories of Personality
35.2.3 Explanations of Behavior
35.2.4 Errors of Attribution
35.2.4.1 Fundamental Attribution Error
35.2.4.2 Actor-Observer Effect
35.2.4.3 Self-Serving Bias
35.2.4.4 Salience and Prejudice
35.2.5 Intercultural Differences
35.2.6 Framing Reality
35.2.7 Practical Recommendations
35.3 Getting Your Security Policies Across
35.3.1 Initial Exposure
35.3.2 Counterexamples
35.3.3 Choice of Wording
35.4 Beliefs and Attitudes
35.4.1 Beliefs
35.4.2 Attitudes
35.4.3 Reward
35.4.4 Changing Attitudes toward Security
35.4.4.1 Communicator Variables
35.4.4.2 Message Variables
35.4.4.3 Channel Variables
35.4.4.4 Audience Variables
35.5 Encouraging Initiative
35.5.1 Prosocial Behavior
35.5.2 Conformity, Compliance, and Obedience
35.5.2.1 Social Pressure and Behavior Change
35.5.2.2 Changing Expectations
35.5.2.3 Norm of Reciprocity
35.5.2.4 Incremental Change
35.6 Group Behavior
35.6.1 Social Arousal
35.6.2 Locus of Control
35.6.3 Group Polarization
35.6.4 Groupthink
35.7 Summary
35.8 For Further Reading