Chapter 16 Culture and Human Factors

Avinash Totade, ISACA Past President UAE Chapter and Management Consultant, UAE Sandeep Godbole, ISACA Past President Pune Chapter, India

The head of human resources, Grace, said to Tom, “Just as safety and environment, cybersecurity is the responsibility of each and every employee of the organization.” Maria, the chief information security officer (CISO), backed this up: “Of course, Tom, we can’t do without the technical side of cybersecurity, but the cultural and human factors are also important. Did you know that the Great Wall of China was first breached by an invader that did not use force but simply bribed guards at the gate?”

A robust cybersecurity “Great Wall of China” should be installed, but the best of the security devices and systems can be compromised, especially due to vulnerabilities arising from human factors. The breach could be motivated by personal benefit or simply a product of ignorance. Since information systems are used by everybody in the organization, the onus of complying with the information security hygiene comes with it. Well-designed security systems, appropriate organizational culture, training, awareness, compliance, and audit play a very significant part in users exhibiting secure behavior. Security protects the confidentiality, integrity, and availability of information assets. It is likely that the need for security is generally accepted within the organization. The trade-off between security, usability, ...

Get The Cyber Risk Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.