INTRODUCTION TO PART IV
PREVENTION: HUMAN FACTORS
Human factors underlie all the mechanisms invented by technical experts. Without human awareness, training, education, and motivation, technical defenses inevitably fail. This part details a number of valuable areas of knowledge for security practitioners, including these chapters and topics:
- 43. Ethical Decision Making and High Technology. A strategy for setting a high priority on ethical behavior and a framework for making ethical decisions
- 44. Security Policy Guidelines. Guidelines for how to express security policies effectively
- 45. Employment Practices and Policies. Policy guidelines on hiring, managing, and firing employees
- 46. Vulnerability Assessment. Methods for smoothly integrating vulnerability assessments into the corporate culture
- 47. Operations Security and Production Controls. Running computer operations securely, and controlling production for service levels and quality
- 48. E-Mail and Internet Use Policies. Guidelines for setting expectations about employee use of the Web and e-mail at work
- 49. Implementing a Security Awareness Program. Methods for ensuring that all employees are aware of security requirements and policies
- 50. Using Social Psychology to Implement Security Policies. Drawing on the science of social psychology for effective implementation of security policies
- 51. Security Standards for Products. Established standards for evaluating the trustworthiness and effectiveness of security products