CHAPTER 3: THE COMPLEXITY OF RISK MANAGEMENT

We talked about risk management in the previous chapter, but it is important to understand it in the context of human behaviour. Security professionals should recognise that people perceive risk differently, and that this affects their behaviour.

For example, Daniel Kahneman and Amos Tversky in their research present several choice problems, demonstrating the complexity of situations where people are faced with uncertainty.2

In one of the scenarios the researchers gave the participants 1,000 Israeli pounds and asked if they would prefer to give 500 pounds back and keep the remaining 500 for themselves. The second option was to flip a coin where they would win the full amount for heads or lose the full ...

Get The Psychology of Information Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.