HOW NEAR-MISS BIAS AFFECTS RISK-BASED DECISIONS
JORDAN SCHROEDER, CISSP, CISM
INTRO
WHO AM I
▸ Member of the GRC team at Visier, Inc
▸ Moderator of Security StackExchange
▸ Former teacher, actor, singer, director, Coast Guard Officer, undertaker, database designer, tax preparer, business owner, day trader
▸ http://www.linkedin.com/in/schroederjordan
▸ http://security.stackexchange.com/users/6253/schroeder
▸ https://gophishyourself.wordpress.com
RISK IS NOT ENOUGH
▸ You’ve done your calculations
▸ You’ve drafted a clear report
▸ Your research shows that a Threat is not going away
▸ You present your report expertly to decision makers
▸ They make the wrong decision …
▸ Why??
▸ Data alone does not result in appropriate action
▸ Data is interpreted by the audience through a number of filters
▸ Those filters determine the resulting action
▸ “Near-Miss Bias” is a unique filter that requires specific handling
THIS PRESENTATION IS A SUMMARY OF:
2008
How Near-Misses Influence Decision Making Under Risk: A Missed Opportunity for Learning
Robin L. Dillon
Catherine H. Tinsley
McDonough School of Business, Georgetown University, Washington, D.C. 20057
2012
How Near-Miss Events Amplify or Attenuate Risky Decision Making
Robin Dillon-Merrill
Catherine H. Tinsley
Matthew A. Cronin
McDonough School of Business, Georgetown University, Washington, D.C. 20057
WHAT IS IT?
COLUMBIA SHUTTLE DISASTER 2003
▸ Shedding of tank foam during ascent happened frequently
▸ Caused by debris hitting the tanks
▸ “With each successful landing, it appears that NASA engineers and managers increasingly regarded the foam-shedding as inevitable, and as either unlikely to jeopardize safety or simply an acceptable risk.”
▸ (Columbia Accident Investigation Board Report, Volume 1, 2003, p. 122)
Dillon and Tinsley: How Near-Misses Influence Decision Making Under Risk: A Missed Opportunity for Learning. Management Science, Articles in Advance.
▸ Probabilistic analysis performed in 1990 determined that debris strikes could be catastrophic
▸ Foam loss occurred on 10% of flights
▸ Damage to foam every flight, with an average of 143 divots per flight
▸ How could this ‘obvious’ problem be overlooked?
NASA EXPERIMENT
▸ Information Management Business students (with training in stats and probabilities) put through a simulation where they have to navigate the Mars Rover from one crater to another
▸ Each simulated day, given a weather report, the participant needed to decide to stay or move on given the weather’s chance of causing a wheel failure
▸ Those who ‘survived’ the risky choices were more prone to making riskier decisions for the next day
▸ Even when presented with the probabilities afresh each day, participants still incorporated the previous successes into their decisions, even if they did not make as many risky decisions
▸ When given the choice of knowing Near-Miss data or other data, participants were less likely to seek other data
NEAR-MISS
▸ People tend to see events as linked and not independent
  ▸ “hot streaks”
▸ People with Near-Miss information tend to skew towards riskier decisions
▸ People do not ignore the other data
▸ People use the data from the Near-Miss events as a source of optimism
▸ More Near-Miss data exacerbates the problem
NEAR-MISS SPECULATION: BAYES
▸ Near-Miss data incorporated with statistical data
▸ Like an inherent Bayesian analysis
▸ “My successes were because the probabilities were general and not applicable to my specific situation. My probabilities are different.”
▸ (Stats) x (Near-Miss adjustment)
▸ version of the Gambler’s Fallacy
INFOSEC NEAR-MISSES
▸ Viruses caught on endpoints
▸ Brute-force attempts
▸ “Background radiation”
▸ Phishing domains
▸ Vishing calls
▸ “We have never had a breach”
  ▸ that we know about …
▸ “All these alerts are just noise”
  ▸ Incident Response teams are absorbing a lot of budget in hunting down all these false positives
▸ “They are just script-kiddies who don’t know what they are doing”
  ▸ There is no real threat
MISS - COMMUNICATING
NEAR-MISS COULD BE INTERPRETED TWO WAYS
▸ Disasters that did not occur
  ▸ Resilient Risks
  ▸ “Yay! I didn’t die!”
▸ Disasters that almost happened
  ▸ Vulnerable Risks
  ▸ “OMG! I almost died!”
Dillon-Merrill, Robin; Tinsley, Catherine H.; and Cronin, Matthew A., "How Near-Miss Events Amplify or Attenuate Risky Decision Making" (2012). Published Articles & Papers. Paper 93.
RESILIENT RISKS
▸ Results in riskier behaviours
▸ Reduction in mitigating behaviours
▸ Explicit Likelihood calculations do not change
▸ merely quietly ‘enhanced’ with a Bayesian factor when there is a call to action
THE HIDDEN CALCULATION
▸ You present your risks
▸ You present your calculations
▸ Your audience agrees with it all
▸ Your audience quietly applies their own Bayesian Near-Miss factor
▸ Your audience then decides
▸ budget, personnel, InfoSec projects, etc.
PRESENT VULNERABLE RISKS
▸ If Near-Miss information was communicated as Vulnerable Risks, (“we almost died!”):
▸ and if the audience accepts that framing
▸ the effects of Resilient Risks are countered
▸ more mitigating behaviours are used
VULNERABLE CHALLENGES
▸ The audience might not accept your framing
▸ becomes a messaging issue
▸ Creates a tone of negativity (less fun, less value)
▸ The mitigations become devalued!
▸ The messenger becomes devalued!
COMMUNICATING RISK
▸ Focus on the Probabilities
▸ Frame past events as independent and not a chain
▸ Focus on the potential impact
▸ Frame Near-Misses as Vulnerable Risks
COMMUNICATING RISK - JORDAN
▸ Focus on Procedural Resiliency
▸ Combat Vulnerable Risk negativity by celebrating the resiliency of the Risk process
▸ “Yay! We are surviving because we are using the right mitigations!”
▸ Make insurance sexy
▸ Our detective controls are working!
▸ IR teams have confirmed that our users, our data, and our systems have not been compromised
▸ Our defences are effective against script-kiddies
▸ What are they not effective against?
NEAR-MISS AS RISK ASSESSMENT
CHEAP DISASTERS
▸ Treating Near-Misses as Resilient Risks means that one might ignore them
▸ Instead, treat them as Actualized Risks for purposes of Risk Assessment
▸ Disasters that don’t cost the organization anything
CHEAP TRICKS
▸ Often the same pre-conditions as a real disaster
▸ Easy way to identify hazardous conditions
▸ Encourage and reward the reporting of Near-Misses
▸ Helps to encourage an organizational culture of safety
EXAMPLE IN INFOSEC
▸ A/V alerts that it caught a virus in an email attachment
▸ not executed, no actualized risk
▸ Every once in a while, treat it as though it was an actual infection
▸ Run the Incident Response process
▸ great training for new members
▸ Identify all vulnerable areas that were involved
▸ Recalibrate the Risk Assessments of that area
▸ Mitigate vulnerable areas
▸ Trains everyone involved
▸ Streamlines the processes
▸ Encourages a culture of safety
▸ Old-fashioned fire drill but with a real threat
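Added example, not part of the original slides: one way to report the A/V near-misses above as Vulnerable Risks (how many controls were already bypassed when the file was caught) and to pick some of them for an Incident Response drill. The layer names, alert fields and the every-second-alert drill rule are assumptions, and the alerts are constructed sample data.

```python
from collections import Counter

# Assumed order of controls an emailed attachment meets (hypothetical names).
LAYERS = ["mail_gateway", "attachment_sandbox", "endpoint_av"]

# Constructed sample alerts, oldest first; "stopped_by" is the control that caught the file.
ALERTS = [
    {"id": "a-001", "stopped_by": "mail_gateway",       "host": "mx1"},
    {"id": "a-002", "stopped_by": "endpoint_av",        "host": "hr-laptop-07"},
    {"id": "a-003", "stopped_by": "attachment_sandbox", "host": "mx1"},
    {"id": "a-004", "stopped_by": "endpoint_av",        "host": "fin-desktop-02"},
    {"id": "a-005", "stopped_by": "mail_gateway",       "host": "mx2"},
    {"id": "a-006", "stopped_by": "endpoint_av",        "host": "hr-laptop-07"},
]

def layers_bypassed(alert):
    """Controls the attachment got past before something stopped it."""
    return LAYERS[:LAYERS.index(alert["stopped_by"])]

def remaining_margin(alert):
    """Controls still standing behind the one that caught it (0 = last line of defence)."""
    return len(LAYERS) - 1 - LAYERS.index(alert["stopped_by"])

def bypass_counts(alerts):
    """How often each control was bypassed: the 'vulnerable areas' to recalibrate."""
    counts = Counter()
    for alert in alerts:
        counts.update(layers_bypassed(alert))
    return counts

def last_line_catches(alerts):
    """Near-misses in the 'almost happened' sense: nothing was left behind the catch."""
    return [a for a in alerts if remaining_margin(a) == 0]

def pick_for_drill(alerts, every=2):
    """'Every once in a while': take every Nth last-line catch, in arrival order."""
    return last_line_catches(alerts)[::every]

def vulnerable_summary(alerts):
    """Figures for a report framed as what almost happened, not what was blocked."""
    last = last_line_catches(alerts)
    hosts = Counter(a["host"] for a in last)
    return {"total": len(alerts), "last_line": len(last),
            "bypassed": dict(bypass_counts(alerts)),
            "repeat_hosts": sorted(h for h, n in hosts.items() if n > 1)}

if __name__ == "__main__":
    print(vulnerable_summary(ALERTS))
    print("drill on:", [a["id"] for a in pick_for_drill(ALERTS)])
```

The summary reports the same six blocked alerts as three files that reached an endpoint with no control left behind them, which is the framing the slides recommend over a count of blocks.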
SUMMARY
NEAR-MISS
▸ Past events seen as linked
▸ Near-Misses used to adjust probabilities
▸ Near-Miss data preferred over other data
▸ Used to justify riskier behaviours
COMMUNICATING NEAR-MISS
▸ Focus on Probabilities
▸ De-link events
▸ Focus on potential harm
▸ Shift to Vulnerable Risks
▸ Focus on Procedural Resiliencies
▸ Combat negativity
NEAR-MISS ASSESSMENTS
▸ Treat Near-Misses as opportunities
▸ Cheap Disasters
▸ Fire Drills
▸ Identify Vulnerable areas
▸ Communicate the importance of reporting Near-Misses
▸ Encourage a culture of safety
THANK YOU & HAPPY RISKING!