After having worked in information security for over 20 years, I have come to a simple conclusion: unless we move beyond technology alone and start addressing the human element, we are in a no-win situation. Technology is where every organization should start when managing its cyber-risk, but technology can only go so far. We have hit that point of diminishing return. We can no longer ignore the human factor in information security. Lance’s book is a breath of fresh air. He creates a new chapter in how organizations should manage their risk, not just at the technical level but at a human level. What makes Lance’s book so powerful is that he not only backs the book with tremendous research and academic studies, but also brings in real-world ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.