Psychology: A Precious Security Tool

Understanding attackers' motivations can help to improve computer security measures. Using good communication and collaboration may make security objectives easier to achieve. These skills are usually not part of training for security specialists. This document is a reflection about human behaviour regarding computer security. It explains why understanding psychology is as important as mastering technical skills. It shows how some human actions can weaken security regardless of technology in place. It proposes techniques to minimize the effects of unwanted behaviours and turn them into more secure ones. This paper discuss external enemies such as hackers as well as those who attack form inside organizations. It also discusses how a better understanding of employee's psychology can give clues on how to discourage some kinds of behaviour. We'll also discuss security awareness programs that help increase security, and laying the foundation of a security culture and its effects on the organization. In each section, some 'psycho-security tips' will be given to illustrate how a concept can apply to real situations. NOTE: Reader should consider them as examples to illustrate a point and not instructions on how to secure their organizations.