
Dr Marc J Dupuis
Associate Professor and Graduate Program Coordinator, University of Washington
Presentation
Cybersecurity Insights Gleaned from World Religions
A Possible Vision for Cybersecurity in Organizations

Presentation overview
Organisations craft and disseminate security policies, encoding the actions they want employees to take to preserve and protect organisational information resources. They engage in regular cybersecurity awareness and training drives to ensure that employees know what to do, and how to do it. Despite these efforts, employees make mistakes or do not comply with policy dictates, triggering cybersecurity incidents. The reality is that whereas cyber professionals propose, human nature disposes.
In addressing this kind of conundrum, researchers suggest that it could be beneficial to learn from the established practices of other domains that also grapple with erratic human behaviours. This seems reasonable, given that cybersecurity is a relatively young field, and not yet particularly successful in accommodating human nature and fallibility, whereas other fields have years of experience coping with these kinds of problems. Here, we consider learning from religions, which have been around for millennia. The one aspect that all religions understand is human nature, and the tendency of humans to make mistakes and behave ill-advisedly, sometimes despite knowing better. Religions have developed a number of practices to accommodate human frailties, and to care for their adherents. This might well be a fruitful domain for cybersecurity professionals to learn from, in terms of harnessing effective mechanisms to encourage secure behaviours.
To this end, we explored the literature on religions, and interviewed a number of religious leaders to produce a ‘vision for cybersecurity’. The vision was evaluated by cybersecurity professionals, its target audience. We provide our vision here, in the hope that it will launch a debate into a more equitable new era of ‘best practice’ in the cybersecurity domain.
Biography
Marc J. Dupuis, Ph.D., is an Associate Professor within the Division of Computing and Software Systems at the University of Washington Bothell where he also serves as the Graduate Program Coordinator. Dr. Dupuis earned a Ph.D. in Information Science at the University of Washington with an emphasis on cybersecurity. Prior to this, he earned an M.S. in Information Science and a Master of Public Administration (MPA) from the University of Washington, as well as an M.A. in Political Science at Western Washington University.
His research area is cybersecurity with an emphasis on the human factors of cybersecurity. The primary focus of his research involves the examination of psychological traits and their relationship to the cybersecurity and privacy behavior of individuals. This has included an examination of antecedents and related behaviors, as well as usable security and privacy. His goal is to both understand behavior as it relates to cybersecurity and privacy, and discover what may be done to improve that behavior.
More recently, Dr. Dupuis and his collaborators have been exploring the use of fear appeals, shame, regret, forgiveness, and grace in cybersecurity, including issues related to their efficacy and the ethics of using such techniques to engender behavioral change.