Re-thinking Decision-Making in Cybersecurity: Leveraging Cognitive Heuristics in Situations of Uncertainty


Schaltegger, Thierry; Ambuehl, Benjamin; Ackermann, Kurt A; Ebert, Nico (2024). Re-thinking Decision-Making in Cybersecurity: Leveraging Cognitive Heuristics in Situations of Uncertainty. In: 57th Hawaii International Conference on System Sciences, Hawaii, 3 January 2024 - 8 January 2024. University of Hawaiʻi at Mānoa, 4734-4743.

Abstract

The prevailing consensus in cybersecurity is that individuals’ insecure behavior due to inadequate decision-making is a primary source of cyber incidents. The conclusion of this assumption is to enforce desired behavior via extensive security policies and suppress individuals’ intuitions or rules of thumb (cognitive heuristics) when dealing with critical situations. This position paper aims to change the way we look at these cognitive heuristics in cybersecurity. We argue that heuristics can be particularly useful in uncertain environments such as cybersecurity. Based on successful examples from other domains, we propose that heuristic decision-making should also be used to combat cyber threats. Lastly, we give an outlook on where such heuristics could be beneficial in cybersecurity (e.g., phishing detection or incident response) and how they can be found or created.

Statistics

Downloads

22 downloads since deposited on 24 Jan 2024
22 downloads since 12 months

Additional indexing

Item Type: Conference or Workshop Item (Paper), not_refereed, original work
Communities & Collections: 06 Faculty of Arts > Institute of Political Science
Dewey Decimal Classification: 320 Political science
Uncontrolled Keywords: Innovative Behavioral IS Security and Privacy Research, cognitive heuristics, cybersecurity decision-making, ecological rationality, intuition, uncertainty
Language: English
Event End Date: 8 January 2024
Deposited On: 24 Jan 2024 16:28
Last Modified: 24 Jan 2024 16:29
Publisher: University of Hawaiʻi at Mānoa
OA Status: Green
Official URL: https://hdl.handle.net/10125/106953
  • Content: Published Version
  • Language: English
  • Licence: Creative Commons: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)