The origins of this book are diverse. It comes from several different ideas I’ve explored or been interested in over the years, ideas that traced their own individual orbits inside my head and then gradually came together into a concept I felt compelled to write about. I decided I wanted to write a book about security culture not long after I finished my first book, IT Security Metrics. I didn’t call it “security culture” at the time or think about in those terms. I just knew after I finished the first book that I wasn’t actually finished.

A good friend commented to me after reading IT Security Metrics that he thought one of my most important points was how valuable qualitative data and measurement can be to information security ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.