One of Eyra Security’s core areas of resarch is applying new ideas from other disciplines to Information Security. While all ideas do not apply directly, many can be translated with reasonable accuracy. By migrating lessons learned elsewhere to your organization, Eyra can help you move more quickly while maximizing your effectiveness.

One area of current research involves the psychological findings from the medical field and attempts to apply them to Information Security. The preliminary findings were interesting, but the initial exploratory round did not reach enough appropriate individuals within organizations to derive sufficiently promising results. If you are interested in assisting Eyra with our next round of exploration, please let us know. We are looking for organizations in excess of 100 employees that are willing to let their nontechnical employees take an online survey about their security experiences.

Thus far, one paper has been published in this area of resarch:

Measuring Psychological Variables of Control in Information Security

The effects of an individual’s personal feelings of control over aspects of their health have been well studied in the field of Medical Psychology. However, these variables have not been explored in the field of Information Security. If these variables have the same impact within Information Security as they do within Medical Psychology, it could indicate that current practices such as locking down users’ workstations are counterproductive. This paper proposes a method of measuring the variables of Actual Control, Perceived Control and Vicarious Perceived Control and engages in an analysis of sampled data. The initial results are promising with regards to the psychological measurements, though adjustment variables did not have the expected results. Determining the full impact of these variables on organizational security will require additional work to measure the damage that security incidents cause.

The paper was written for the SANS Institute and can be downloaded here