## notes

- paper is more than a decade old
- published 2013
- 'compliance' is not a very valuable metric, because that may not actually be the behaviour we want people to display
- can we apply lessons from health (personal risk/perception of impact not aligned to reality) to cybersecurity?