The origins of this book are diverse. It comes from several different ideas I’ve explored or been interested in over the years, ideas that traced their own individual orbits inside my head and then gradually came together into a concept I felt compelled to write about. I decided I wanted to write a book about security culture not long after I finished my first book, IT Security Metrics. I didn’t call it “security culture” at the time or think about in those terms. I just knew after I finished the first book that I wasn’t actually finished.

A good friend commented to me after reading IT Security Metrics that he thought one of my most important points was how valuable qualitative data and measurement can be to information security ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.