I’m changing the title of this blog from something I picked because I had a blank field in front of me to “Behavioral Security”. Partly because it’s less to type, but also I think it is much more to the point of my thinking: information security is mostly about human behavior. In order to make improvements we need account for the humans that think, create, install, use, analyze and break the technology and processes protecting our goody baskets.
Behavioral Security uses social, cognitive and emotional factors in understanding the decisions of individuals and institutions in the management of information.
I largely took that from the Wikipedia definition for “behavioral economics” and I think it needs some tuning, but yeah, that’s the theory I’m sticking with for now.