Cognitive Hack and Cognitive Risk Set (Security, Audit and Leadership Series)

        Cognitive Hack explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.

        Cognitive Risk is a book about the least understood but most pervasive risk to mankind – human decision-making. Cognitive risks are subconscious and unconscious influence factors on human decision-making: heuristics and biases. To understand the scope of cognitive risk, we look at case studies, corporate and organizational failure, and the science that explains why we systemically make errors in judgment and repeat the same errors.

        The book takes a multidisciplinary and pedestrian stroll through behavioral science with a light touch, using stories to explain why we consistently make cognitive errors that not only increase risks but also simultaneously fail to recognize these errors in ourselves or our organizations. This science has deep roots in organizational behavior, psychology, human factors, cognitive science, and behavioral science all influenced by classic philosophers and enabled through advanced analytics and artificial intelligence. The point of the book is simple. Humans persist with bounded rationality, but as the speed of information, data, money, and life in general accelerates, we will need the right tools to not only keep pace but to survive and thrive.

        In light of all these factors that complicate risk, the book offers a foundational solution. A cognitive risk framework for enterprise risk management and cyber security. There are five pillars in a cognitive risk framework with five levels of maturity, yet there is no universally prescribed maturity level. It is more a journey of different paths. Each organization will pursue its own path, but the goal is the same – to minimize the errors that could have been avoided. We explain why risks are hard to discuss and why we systematically ignore the aggregation of these risks hidden in collective decision-making in an organization.

        The cognitive risk framework is a framework designed to explore the two most complex risks organizations face: uncertainty and decision-making under uncertainty. The first pillar is cognitive governance, which is a structured approach for institutionalizing rational decision-making across the enterprise. Each pillar is complimentary and builds on the next in a succession of continuous learning. There is no endpoint because the pillars evolve with technology. Enterprise risk is a team effort in risk intelligence grounded in a framework for good decision-making. We close with a call to become designers of risk solutions enabled by the right technology and nurtured by collaboration.

        We hope you enjoy the book with this context.

James Bone is president of Global Compliance Associates, LLC, an enterprise risk researcher and the first cognitive risk consultant. Since the publication of his first book Cognitive Hack, James has promoted the idea of a cognitive risk framework in several publications and has developed a following on social media as a thought leader in this space. James has also served as lecturer-in-discipline, Enterprise Risk Management at Columbia University School of Professional Studies. Cognitive Risk will be the first book of its kind to apply additional research and experience through case studies to formulate a more complete cognitive risk framework for cybersecurity and enterprise risk management. James has two websites, globalcomplianceassociates.com and thegrcbluebook.com, that will be used to promote the book as well as 5,000 - 8,000 fellow global risk professionals seeking thought leadership in risk best practices.

Jessie H. Lee has 25+ years of leadership experience in the financial, government, higher education, and nonprofit sectors. Jessie is a strategic and insightful leader who enables organizations to transform and grow through innovative and inclusive approaches integrating enterprise risk management, technology, and data to strengthen financial and operational sustainability and flexibility. She employs data-driven approaches and builds collaborative and trusted relationships with boards, executive leaders, staff, strategic partners, and industry leaders. She founded Better Future Strategies LLC to enable nonprofit and social enterprise organizations to achieve their visions. She teaches courses in both Enterprise Risk Management and Nonprofit Management Masters programs at Columbia University.