The Human Factor - Why Are We So Bad at Security and Risk Assessment?

Explore the psychological factors influencing human behavior in security and risk assessment during this 55-minute conference talk from BSidesLV 2017. Delve into topics such as cognitive biases, memory illusions, and decision-making processes that impact our ability to effectively assess and respond to security threats. Learn about the dangers of relying on memory, the fight-or-flight response, and how indecision affects security practices. Examine common misconceptions in security, the importance of challenging assumptions, and the role of user awareness in strengthening organizational security. Gain insights into the work of Kahneman and Tversky, and understand how to improve security practices by addressing the human factor in risk assessment and decision-making.

Intro
Hello Bias My Old Friend
The Big Question
Breaking a Horse
Our Shared Hallucination
Memory and You
The Gorilla in the Room
Reliance on Memory is Dangerous
The Memory Illusion
Fight or Flight???
Indecision
Kahneman and Tversky
Common Sense
Security Misunderstanding
Paradigm Shift
Assumptions == Weak Foundations
Users and Awareness
People and Processes
Questions?