Welcome to the GCC 6200: Psychology & Sociology of Information Security
Information security is all about people. People are the first, last, and best line of defense. Attackers regularly make use of this understanding, spending a lot of time thinking about how to best manipulate people into performing actions against their best interests. Too often, security practitioners believe they can require people to behave in certain, tightly circumscribed ways. They miss that humans will continue to be humans, so it is best to work with them rather than against them. Understanding not only the attacker mindset but also the diverse mindsets of people within the organization can help identify the best controls to implement.
