Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response

Josiah Dykstra; Jamie Met; Nicole Backert; Rebecca Mattie; Douglas Hough

doi:10.1109/MSEC.2022.3159471

Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response

Josiah Dykstra, Jamie Met, Nicole Backert, Rebecca Mattie, Douglas Hough

Bloomberg School of Public Health

Research output: Contribution to journal › Article › peer-review

Abstract

An inherent aspect of cybersecurity is managing incidents where people expect to see an immediate response. Action bias is our tendency to favor action over inaction because it makes us feel better-even if we have made things worse.

Original language	English (US)
Pages (from-to)	102-106
Number of pages	5
Journal	IEEE Security and Privacy
Volume	20
Issue number	3
DOIs	https://doi.org/10.1109/MSEC.2022.3159471
State	Published - 2022

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Access to Document

10.1109/MSEC.2022.3159471

Cite this

@article{48d5e1f131fe4f38ad4b168f81167691,

title = "Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response",

abstract = "An inherent aspect of cybersecurity is managing incidents where people expect to see an immediate response. Action bias is our tendency to favor action over inaction because it makes us feel better-even if we have made things worse.",

author = "Josiah Dykstra and Jamie Met and Nicole Backert and Rebecca Mattie and Douglas Hough",

note = "Publisher Copyright: {\textcopyright} 2003-2012 IEEE.",

year = "2022",

doi = "10.1109/MSEC.2022.3159471",

language = "English (US)",

volume = "20",

pages = "102--106",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response

T2 - An Argument for More Measured Incident Response

AU - Dykstra, Josiah

AU - Met, Jamie

AU - Backert, Nicole

AU - Mattie, Rebecca

AU - Hough, Douglas

PY - 2022

Y1 - 2022

N2 - An inherent aspect of cybersecurity is managing incidents where people expect to see an immediate response. Action bias is our tendency to favor action over inaction because it makes us feel better-even if we have made things worse.

AB - An inherent aspect of cybersecurity is managing incidents where people expect to see an immediate response. Action bias is our tendency to favor action over inaction because it makes us feel better-even if we have made things worse.

UR - http://www.scopus.com/inward/record.url?scp=85131313029&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85131313029&partnerID=8YFLogxK

U2 - 10.1109/MSEC.2022.3159471

DO - 10.1109/MSEC.2022.3159471

M3 - Article

AN - SCOPUS:85131313029

SN - 1540-7993

VL - 20

SP - 102

EP - 106

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 3

ER -

Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this