Abstract
A major problem in the decision-making process is
poor communication regarding threats and risks between information security experts and decision makers.
By their nature, experts have a strong interest in operational details and limited insight into the purpose of the
organization as they may not fully understand the mission and business. They are overusing System Language
and System Thinking. This means they will fail making
themselves fully understood by the decision makers, who
are therefore not able to make carefully considered riskbased decisions.
This paper describes the theory behind the underlying communication problem between information security experts and decision makers and the use of System
Language and System Thinking. We questioned 63 participants, observed and analyzed their opinions, and
discussed the results. This has led to Lessons Learned
for developing a curriculum on Information Security
and Privacy Protection (IS&PP) and defining areas for
further research.
Original language | English |
---|---|
Title of host publication | Proceedings of the 50th Hawaii International Conference on System Sciences | 2017 |
Publisher | Hawaii International Conference on System Sciences. |
Pages | 6110-6119 |
Number of pages | 10 |
ISBN (Electronic) | 9780998133102 |
Publication status | Published - 2017 |