Cognitive Hack explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.Cognitive Risk is a book about the least understood but most pervasive risk to mankind – human decision-making. Cognitive risks are subconscious and unconscious influence factors on human decision-making: heuristics and biases. To understand the scope of cognitive risk, we look at case studies, corporate and organizational failure, and the science that explains why we systemically make errors in judgment and repeat the same errors.The book takes a multidisciplinary and pedestrian stroll through behavioral science with a light touch, using stories to explain why we consistently make cognitive errors that not only increase risks but also simultaneously fail to recognize these errors in ourselves or our organizations. This science has deep roots in organizational behavior, psychology, human factors, cognitive science, and behavioral science all influenced by classic philosophers and enabled through advanced analytics and artificial intelligence. The point of the book is simple. Humans persist with bounded rationality, but as the speed of information, data, money, and life in general accelerates, we will need the right tools to not only keep pace but to survive and thrive.In light of all these factors that complicate risk, the book offers a foundational solution. A cognitive risk framework for enterprise risk management and cyber security. There are five pillars in a cognitive risk framework with five levels of maturity, yet there is no universally prescribed maturity level. It is more a journey of different paths. Each organization will pursue its own path, but the goal is the same – to minimize the errors that could have been avoided. We explain why risks are hard to discuss and why we systematically ignore the aggregation of these risks hidden in collective decision-making in an organization.The cognitive risk framework is a framework designed to explore the two most complex risks organizations face: uncertainty and decision-making under uncertainty. The first pillar is cognitive governance, which is a structured approach for institutionalizing rational decision-making across the enterprise. Each pillar is complimentary and builds on the next in a succession of continuous learning. There is no endpoint because the pillars evolve with technology. Enterprise risk is a team effort in risk intelligence grounded in a framework for good decision-making. We close with a call to become designers of risk solutions enabled by the right technology and nurtured by collaboration.We hope you enjoy the book with this context.
