Social Psychology and INFOSEC

Social Psychology & INFOSEC
NEW ENGLAND INFORMATION SECURITY GROUP
2004-05-20
M. E. Kabay, PhD, CISSP
Assoc. Prof. Information Assurance
Program Director, Master of Science in Information Assurance
Norwich University
Copyright © 2004 M. E. Kabay. All rights reserved.

Topics
Attribution Theory
Social Cognition: Forming Judgments
Beliefs and Attitudes
Prejudice
Locus of Control
Persuasion and Attitude Change
Conformity, Compliance and Obedience
Pro-Social (Helpful) Behavior

Attribution Theory
• How people explain their own and others' behavior
• Weiner's classification:
– Internal, stable: Dispositions; traits; level of ability or intelligence
– Internal, unstable: Effort; mood; physical state
– External, stable: Degree of task difficulty; env helps/hindrance
– External, unstable: Good/bad luck; opportunity; transient situations

Attribution Theory (cont’d)
How we explain behavior
Fundamental Attribution Error
– Star Trek's Leonard Nimoy is really like
the character he portrays (Mr Spock)
Actor-Observer Effect
– What I do is a reasonable response to the
situation but what you do is in your nature
Salience
– What stands out is perceived as most
important even if it isn't

Attribution Theory (cont’d)
Self-Serving Bias
– If I succeed it's because of how good I am,
but if I lose it's not my fault
Self-Handicapping
– If I expect to fail I'll make sure there's a
good excuse
Depressed People
– If I lose it's because of how bad I am, but if
I succeed it's not to my credit

Attribution Theory: Implications
Leader and others: remember not to pigeonhole someone
– E.g., “He’s always _______”
Reverse situation – think about explanations
for perplexing or objectionable behavior
– “If I were behaving that way, it would be
because __________”
Challenge unthinking reliance on salience –
question assumptions about causality
– “Why should the fact that he limps make a
difference to _________?”

Social Cognition: Forming Judgements
Schemas influence perception
Decision-making usually includes only a
small subset of available information
Language influences perception
Reasoning is only a small part of forming
judgments or opinions

Schemas
Organized knowledge about the world
• Influence perceptions — Allport’s experiments with drawings of people on tramway
• Affect memory — witnesses unreliable
• More subtle and complex for in-groups than for out-groups – give out-group no credit
• May lead to self-fulfilling prophecies; e.g., math teachers vs girls
– Reward compliance with schema (boys)
– Punish deviation (girls)
Suggestion: question expectations, assumptions

Schemas (cont’d)
Schema from one sphere may interfere with
successful implementation of new policies
Present counterintuitive information in
advance
– Provide enough time for assimilation
– Distribute background papers
– Use case studies to counter inappropriate
schemata

Inadequate Sampling
Judgments are often based on inadequate samples
• Early, negative information weighted heavily
• The availability heuristic can lead to errors in judgment
– What’s easy to remember weighs too heavily in decision
– Anecdotal evidence inappropriately strong

Inadequate Sampling (cont’d)
Provide decision makers with powerful
arguments first
Ensure there’s lots of striking, memorable
evidence in presentation
Explicitly challenge incorrect intuition,
preconceptions, conclusions

Beliefs and Attitudes
Belief: cognitive information without affect
– “The operators are responsible for tape
mounts.”
Attitude: evaluation or emotional response
– “The */$&/! Operators are supposed to be
responsible for tape mounts!”
Cognitive dissonance: incompatible beliefs,
attitudes or behavior
– “I am an honest person – but I have taken
home three dozen Zip disks this month.”

Beliefs and Attitudes
Before attempting to change beliefs and
attitudes, study what they are
– Interviews
– Focus groups
– Surveys
Use language carefully
– Positive terms for desired end-point
Encouragement is effective
– Even minor praise, smile can shape beliefs
and attitudes
Allow time for change – weeks at least

Beliefs and Attitudes (cont’d)
Suggestions for security group:
• Explore current beliefs and attitudes towards security
– Identify areas of conflict, negative affect
– Correct erroneous beliefs fast
– Explore why some policies are successful
• Provide consistent pro-security messages to avoid dissonance
– e.g., managers should not ignore policies
• Rewards more effective than punishment
– encouraging positive attitudes & behavior

Prejudice
Stereotypes – simple models of others;
– e.g., racial profiling, assumptions about security
officers
Roots of prejudice are many – historical, social,
familial, psychological, personal
Authoritarian personality includes prejudice
Minimal-group research – easy to generate intergroup hostility and prejudice simply by grouping
Group competition exacerbates prejudice
– Creating common goals and projects for hostile
groups mitigates prejudice
Favorable depictions improve inter-group relations

Locus of Control
People work better when they feel in control
– Able to affect outcomes
– Considered by decision-makers
– Listened-to
Experimental evidence
– Teams working in noisy environment
– Patients in convalescence homes

[Figures: Locus of Control, Group 1 and Group 2]

Persuasion and Attitude Change: Effective Communication
What influences pace of change:
• Audience/Listener variables
• Channel variables
• Communicator/Presenter variables
• Message variables

Effective Communication: Listener Variables
Knowledge base
Objectives
Intelligence
Alertness
Motivation

Knowledge Base
Define prerequisite knowledge, skills
Ask each participant for brief biography
Explore related areas of knowledge
Identify strengths and weaknesses
Incorporate interests into examples,
discussions

Intelligence
Less important than frequently assumed
Encourage questions, discussion
Praise interventions, ideas, contributions
For courses
– Effective study methods can compensate
– Offer assistance outside class

Alertness
Sleep deprivation harmful to learning
Use channel variables to enhance alertness
Provide frequent breaks
Respond immediately to inattention
Use humor and the unexpected
Discourage heavy lunches
Forbid alcohol during task-force meetings,
workshops and training

Motivation
“What would you like to be able to do after
this course that you can’t do now?”
Beware forced participation: work to
convince of meeting’s or course’s utility
For courses: address benefits of mastery
– Share experiences in real world
– Bring in enthusiastic “graduate”
• If possible, one who was negative at
start
• Have brief description of positive
results, value

Channel Variables
Time available
Working conditions
Visibility, audibility, clarity
High interactivity

Time Available
Allow for at least ~2-3 minutes/slide on average
– Check your timings if you use more slides
– Be sure that you can in fact present all the
slides
At most ~1 hr between breaks
– Use longer breaks (e.g., 20-30 minutes)
to foster creativity
– Informal discussions often useful
At most ~7 hr/day
If necessary, plan 2 or more days or sessions
for better assimilation and application of
complex issues

Working Conditions
Keep room relatively cool
Lights bright if possible
Comfortable chairs
Desks or tables with enough room for
computers and papers
Printed materials with room for notes
Multimedia: reference articles, videos
If possible and appropriate, network with hub
& LAN connectors
– High-speed access to Net
– NetMeeting software

Visibility, Audibility, Clarity
Stand, move, sit
Speak clearly at all times
– Keep microphone away from direct line of
breath (avoids noise)
Vary speed
– Slower than conversation
– Pauses effective for emphasis
Over-inflect for emphasis
– Different from conversational mode
– Increase frequency range and dynamic
range
Face the audience, not the slide / poster

High Interactivity
Ask questions frequently
Challenge individuals
Turn discussion to relevant personal
experiences
Use digressions constructively to reinforce
message
Use examples from participants’ experiences
When teaching, remember individual
students’ interests and point out relevance of
specific material to them

Effective Communication: Presenter Variables
Psychology and motivation
Empathy and imagination
Patience
Subject knowledge
Background knowledge
Ethical standards
Externals

Psychology and Motivation
Commitment to group / participant / student
achievement
Beware feelings of power and superiority
Encourage questions, challenges
– Thank people for raising questions; smile
– Set example: “I don’t know that; can
anyone help on that question?. . . . I’ll do
some research for the next meeting /
class.”
– Deal with extensive discussions at break to
avoid disrupting flow of meeting

Psychology and Motivation (cont’d)
Admit mistakes immediately and clearly
– “On that third point, I was wrong. Thank
you to Scott for pointing out that. . . .”
Unforgivable to humiliate people
– Grounds for dismissal
Every session is a chance for leader / teacher
to learn
– Write down ideas for improvement

Empathy and Imagination
Remember what it was like being a beginner
– Define jargon terms
– Define acronyms on first use
Identify basic knowledge and skills needed
for assimilation of later concepts, material
In courses, ensure that basics are thoroughly
mastered
– If necessary, take disproportionately
longer at start of meeting / course
Encourage meetings after meeting / class
– Make schedule of availability known
– Stick to schedule, especially for students

Patience
Find alternative ways of explaining ideas /
skills
– Analogies
– Examples
– War stories
When question out of place, defer answer
– Later in lecture if suitable
– At break or after class
Respect students for wanting to understand

Subject Knowledge
Difficult or impossible to provide technical
leadership or to teach without mastering
subject
Create your own presentation materials
– Or adapt existing materials
Use all available resources to supplement
your knowledge and understanding
– Textbooks
– Articles
– Colleagues
– Online databases
Essayons!
Motto of Norwich University
“I don’t know; let’s try to find out!”

Background Knowledge
Read widely in related areas
Bring in analogies from other areas of
experience
Use personal life-experiences when suitable
Talk about feelings as well as ideas
Express values openly
Use divergence of judgment or opinion as
opportunity for expanding everyone’s
knowledge

Ethical Standards
Work for the participants’ and the
organization’s benefit
Review and revise course materials as
appropriate before reusing them
Provide value for time invested
Take participants’ other commitments into
account — stay on schedule
– Start when you say you’ll start
– Stop when you say you’ll stop
If teaching a course, make it possible to
achieve maximum grades
Teachers: beware of emotional / sexual
entanglements with students — violation of
professional ethical standards

Effective Communication: Message Variables
Context
Behavioral objectives
Organization
Content
Review questions

Context
Provide overview of coming materials
– If appropriate, specify preliminary readings
– Provide notes for participants / students
– Use overview slides throughout
presentation
Explain why information matters to
participants or students
Focus on practical skills and examples
Courses: consider open-book exams,
cooperative learning

Behavioral Objectives
Avoid internally defined objectives such as
“knowing”, “becoming familiar with” etc.
What will the team or the class be able to DO
after the session / course that they can’t do
yet?
– Analyze, apply, attack, choose, compare,
contrast, decide, defend, define, discuss,
design, demonstrate, establish, explain,
improve, optimize, prepare, repair, solve,
teach, . . . .
– Within certain time limits, with certain tools
available, accomplish specific actions. . . .

Organization
Design presentation / course top-down
– Sketch out areas of concern, skills
– Fill in details
Fundamental questions
– What’s this all about? (context)
– So why should I care about it? (motivation)
– So what’s the scoop? (content)
Provide signposts explaining upcoming
sections
Start each section with restatement of why it
matters
Emphasize mastery of basic knowledge
Point to more advanced topics

Organization (cont’d)
Memory works through association
– Engrams — patterns of neuronal firings in
chains that activate experience, concepts
– Want to provide lots of hooks for
assimilation / memory
Present practical examples before stating
theory
– Need concrete example to establish
framework for associations
Invite comment, experiences from
participants before presenting theory
– Opportunity to strengthen integration of
new information into web of associations

Evaluating Effectiveness of Communication
When leading a meeting or an informal course or
workshop, gauge effectiveness through
– Watching body language throughout session
– Informal discussion
– 1:1 conversation
Interviews, focus groups, surveys
Declining accuracy

For formal courses, can use essays, quizzes,
examinations, projects
– Include active knowledge as well as passive
– If open-book, preferable to restrict time; e.g., 2
minutes per question

Conformity, Compliance and Obedience
Shift normative values towards goal
– Express expectation of cooperation – “We”
Group solidarity increases conformity
– Group exercises, games, teamwork
– If using contests, mix up the teams
Outliers are especially important
– Both enthusiasts and resisters
Norm of reciprocity
– Give a little, get a little
Foot in the door
– Get a little, get more

Pro-Social (Helpful) Behavior
Acting helpfully requires 4 steps:
• Notice problem
– Need awareness
• Recognize as emergency
– Need training
• Take responsibility for action
– Need climate for responsible action
– No worry about looking foolish
• Decide on action
– Sound training, good policies

Pro-Sociality (cont’d)
Bystander Effect
– Larger groups have slower reaction time
– Diffusion of responsibility
– Uncertainty about social climate
Counter bystander effect using rewards for
responsible behavior
– E.g., reporting security violations
– Challenging unbadged strangers

Pro-Sociality (cont’d)
Cost-benefit analysis
– Make prosociality low cost / high gain
– Provide hotline for security violations
– Allow anonymity in reports
Make failing to support policy expensive
– Personnel policies: clear sanctions
– Performance review
– Possible dismissal

DISCUSSION
M. E. Kabay, PhD, CISSP
http://www2.norwich.edu/mkabay