Phishing has evolved into a major threat by leveraging AI-generated content and deepfakes to exploit vulnerabilities in human decision-making. Traditional security measures fail to address the human element, a critical node in organizational defense. This paper introduces the Cognitive Operations Management (COM) Framework, which quantifies human performance against phishing attacks through the User Decision Quality (UDQ) metric, encompassing Accuracy, Speed, and Consistency. By applying the Drift-Diffusion Model (DDM), the framework mathematically links cognitive attack tactics to measurable UDQ degradation, enabling diagnostic insights into decision failures. Operational resilience is enhanced via Cognitive-Failure Modes and Effects Analysis (C-FMEA) for risk prioritization and Adaptive Cognitive Nudging (ACN) with Positive Friction interventions that dynamically steer users toward deliberate, accurate decisions. A hybrid modeling approach combining DDM and Agent-Based Modeling (ABM) simulates the systemic impact of individual UDQ failures, allowing strategic allocation of security resources to high-risk users and optimizing organizational resilience metrics such as Mean Time to Compromise (MTTC). The COM Framework establishes a data-driven methodology for integrating cognitive risk management into cybersecurity operations, bridging human behavior modeling, operational strategy, and ethical intervention design.
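The abstract states that the DDM links attack tactics to measurable UDQ degradation but does not show the mechanics. The following Python simulation is an added illustration, not code from the paper or its authors, and the mapping it uses is an assumption: time pressure ("act now") is modelled as a lowered decision threshold, a convincing deepfake as a reduced drift rate, and a Positive Friction nudge as a raised threshold. The parameter values, the trial counts, and the operationalization of Consistency as an inverse coefficient of variation of response time are all constructed for the example; the closed-form accuracy formula for a symmetric-bound DDM starting at zero evidence is standard and is used only as a sanity check on the simulation.

```python
import math
import random
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class DDMParams:
    """Drift-diffusion parameters for one decision context (hypothetical values)."""
    drift: float          # v: rate of evidence accumulation toward the correct response
    threshold: float      # a: evidence needed to commit; symmetric bounds at +a and -a
    noise: float = 1.0    # sigma: within-trial noise
    t0: float = 0.3       # non-decision time (perception + motor), seconds


# Assumed tactic-to-parameter mappings (constructed for this example, not from the paper).
BASELINE = DDMParams(drift=1.0, threshold=1.0)             # ordinary, un-pressured review
URGENCY = DDMParams(drift=1.0, threshold=0.5)              # "respond immediately" lowers the bar
DEEPFAKE = DDMParams(drift=0.3, threshold=1.0)             # convincing content weakens the signal
FRICTION = DDMParams(drift=0.3, threshold=1.8)             # positive-friction nudge raises the bar


def simulate_trial(p: DDMParams, rng: random.Random, dt: float = 0.002) -> tuple:
    """Euler-Maruyama random walk; returns (correct, response_time).

    Evidence starts at 0 (no bias). The first bound crossed decides the trial:
    +a is the correct call (flag or ignore the phish), -a is the error (engage with it).
    """
    x, t = 0.0, 0.0
    step_sd = p.noise * math.sqrt(dt)
    while -p.threshold < x < p.threshold:
        x += p.drift * dt + rng.gauss(0.0, step_sd)
        t += dt
    return x >= p.threshold, p.t0 + t


def udq_components(p: DDMParams, n_trials: int = 1200, seed: int = 1) -> dict:
    """Monte-Carlo estimate of the three UDQ components for one decision context.

    accuracy     : fraction of trials that hit the correct bound
    mean_rt      : mean response time in seconds (Speed; lower is faster)
    consistency  : 1 / (1 + CV of response time), an assumed operationalization
    """
    rng = random.Random(seed)
    outcomes = [simulate_trial(p, rng) for _ in range(n_trials)]
    rts = [rt for _, rt in outcomes]
    accuracy = sum(1 for correct, _ in outcomes if correct) / n_trials
    mean_rt = mean(rts)
    cv = pstdev(rts) / mean_rt
    return {"accuracy": accuracy, "mean_rt": mean_rt, "consistency": 1.0 / (1.0 + cv)}


def analytic_accuracy(p: DDMParams) -> float:
    """Closed-form P(correct) for a symmetric-bound DDM starting at zero evidence."""
    return 1.0 / (1.0 + math.exp(-2.0 * p.drift * p.threshold / p.noise ** 2))


if __name__ == "__main__":
    for name, params in [("baseline", BASELINE), ("urgency", URGENCY),
                         ("deepfake", DEEPFAKE), ("deepfake+friction", FRICTION)]:
        c = udq_components(params)
        print(f"{name:18s} acc={c['accuracy']:.3f} (analytic {analytic_accuracy(params):.3f})"
              f"  rt={c['mean_rt']:.2f}s  consistency={c['consistency']:.3f}")
```

Running the block shows the diagnostic value the abstract claims for the DDM: the urgency tactic makes users faster but less accurate (a threshold effect), the deepfake makes them slower and less accurate (a drift effect), and the friction nudge buys accuracy back on the deepfake condition at the cost of speed. Which component of UDQ moved, and in which direction, points to which cognitive lever the attacker pulled and therefore which intervention fits.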
Published in: 8th IEOM Bangladesh International Conference on Industrial Engineering and Operations Management, Dhaka, Bangladesh
Publisher: IEOM Society International
Date of Conference: December 20-21, 2025
ISBN: 979-8-3507-4441-5
ISSN/E-ISSN: 2169-8767