The cyber security design principles emphasize psychology over technology. Here is a collection of scientific studies, research papers, design books, and related resources.
This is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
Paths They Take
Number of steps; Familiarity of each step; Friction at each step.
Introduction to Customer Journey Mapping (ebook)
Flow Design Processes – Focusing on the Users’ Needs
Scientific Articles
Shosuke Suzuki, Victoria M. Lawlor, Jessica A. Cooper, Amanda R. Arulpragasam, Michael T. Treadway. Distinct regions of the striatum underlying effort, movement initiation and effort discounting. Nature Human Behaviour, 2020; DOI: 10.1038/s41562-020-00972-y
G. Suri, G. Sheppes, C. Schwartz, J. J. Gross. Patient Inertia and the Status Quo Bias: When an Inferior Option Is Preferred. Psychological Science, 2013; DOI: 10.1177/0956797613479976
ulia Watzek, Sarah F. Brosnan. Capuchin and rhesus monkeys show sunk cost effects in a psychomotor task. Scientific Reports, 2020; 10 (1) DOI: 10.1038/s41598-020-77301-w
Choices They Make
Number of choices; Predictability of the choice; Cognitive load of each choice.
Nudge to Health: Harnessing Decision Research to Promote Health Behavior
Sludge: “activities that are essentially nudging for evil”
Intentional and Unintentional Sludge
Books
Choosing Not to Choose, by Cass Sunstein
How to Decide: Simple Tools for Making Better Choices, by Annie Duke
Being Wrong: Adventures in the Margin of Error, by Kathryn Schulz
Scientific Articles
Sunstein, C. (2020). Sludge Audits. Behavioural Public Policy, 1-20. doi:10.1017/bpp.2019.32
Soman, Dilip and Cowen, Daniel and Kannan, Niketana and Feng, Bing, Seeing Sludge: Towards a Dashboard to Help Organizations Recognize Impedance to End-User Decisions and Action (September 27, 2019). Research Report Series Behaviourally Informed Organizations Partnership; Behavioural Economics in Action at Rotman, September 2019
Chadd, I., Filiz-Ozbay, E. & Ozbay, E.Y. The relevance of irrelevant information. Exp Econ (2020). // Unavailable options and irrelevant information often cause people to make bad choices. The likelihood of poor decisions is even greater when people are presented with both.
Behavior
The behavior we want people to perform.
Scientific Articles
Hall, Jonathan D. and Madsen, Joshua, Can Behavioral Interventions Be Too Salient? Evidence From Traffic Safety Messages (September 16, 2020).
Barriers
Barriers preventing people from completing the behavior.
Scientific Articles
Benefits
Benefits of completing the behavior.
Scientific Articles
Training (Ignorance)
Scientific Articles
Irrationality
40 Clever and Creative Bus Stop Advertisements
Scientific Articles
Vadiveloo, M. K., Dixon, L. B., & Elbel, B. (2011). Consumer purchasing patterns in response to calorie labeling legislation in New York City. The International Journal of Behavioral Nutrition and Physical Activity, 8(1), 51-51.
Fernandes, D., Lynch, J. G., & Netemeyer, R. G. (2014). Financial literacy, financial education, and downstream financial behaviors. Management Science, 60(8), 1861-1883.
Investments
More people, better technology.
Scientific Articles
Incentives
Books
Drive: The Surprising Truth About What Motivates Us, by Daniel H. Pink
Scientific Articles
Gneezy, U., & Rustichini, A. (2000). A Fine is a Price. The Journal of Legal Studies, 29(1), 1–17. doi: 10.1086/468061
Rey-Biel, Pedro & Gneezy, Uri & Meier, Stephan. (2011). When and Why Incentives (Don’t) Work to Modify Behavior. Journal of Economic Perspectives. 25. 191-210. 10.2307/41337236.
Behavior Economics
From “Economic Man” to Behavioral Economics
Related Books
- The design of everyday things, by Don Norman
- Designing for the digital age: How to create human-centered products and services, by Kim Goodwin
- Design research: Methods and perspectives, by Brenda Laurel
- User experience revolution, by Paul Boag
Presentations
Does security have a design problem? Designing Security for Systems that are Bigger on the Inside.
How does design apply to securing application development and DevOps? Securing without Slowing.
How does design apply to BYOD and Cloud apps? Security Design Strategies for the Age of BYO.
How does design apply to blue teaming? Design Thinking for Blue Teams.
Posted by