A major problem in the decision-making process is poor communication regarding threats and risks between information security experts and decision makers. By their nature, experts have a strong interest in operational details and limited insight into the purpose of the organization, as they may not fully understand the mission and business. They overuse System Language and System Thinking. This means they will fail to make themselves fully understood by the decision makers, who are therefore not able to make carefully considered risk-based decisions. This paper describes the theory behind the underlying communication problem between information security experts and decision makers and the use of System Language and System Thinking. We questioned 63 participants, observed and analyzed their opinions, and discussed the results. This has led to Lessons Learned for developing a curriculum on Information Security and Privacy Protection (IS&PP) and defining areas for further research.
|Title of host publication|Hawaii International Conference on System Sciences (HICSS)|
|Publisher|Hawaii International Conference on System Sciences.|
|Publication status|Published - 5 Jan 2017|