The Psychology of Information Security

by Leron Zinatullin
January 2016
Intermediate to advanced
119 pages
2h 1m
English
IT Governance Publishing

Overview

Ensure the success of your security program by understanding users' motivations

“This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronizing or prescriptive, making it an easy read with some very real practical takeaways.”

Thom Langford, Chief Information Security Officer at Publicis Groupe

“Based on real world examples the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program.”

Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters

In today’s corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company’s assets, and mitigate risks to the furthest extent possible.

Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users’ core business activities. These end users are, in turn, often unaware of the risk they are exposing the organization to. They may even feel justified in finding workarounds because they believe that the organization values productivity over security. The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.

This can be addressed by factoring in an individual’s perspective, knowledge, and awareness, and a modern, flexible, and adaptable information security approach. The aim of the security practice should be to correct employee misconceptions by understanding their motivations and working with the users rather than against them – after all, people are a company’s best assets.

Product description

Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security program with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

The Psychology of Information Security redresses the balance by considering information security from both viewpoints in order to gain insight into security issues relating to human behavior, helping security professionals understand how a security culture that puts risk into context promotes compliance.

Contents

Chapter 1: Introduction to information security
Chapter 2: Risk management
Chapter 3: The complexity of risk management
Chapter 4: Stakeholders and communication
Chapter 5: Information security governance
Chapter 6: Problems with policies
Chapter 7: How security managers make decisions
Chapter 8: How users make decisions
Chapter 9: Security and usability
Chapter 10: Security culture
Chapter 11: The psychology of compliance
Chapter 12: Conclusion - Changing the approach to security
Appendix: Analogies

About the author

Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management, and delivery. He has led large-scale, global, high-value security transformation projects with a view to improve cost performance and support business strategy.

He has extensive knowledge and practical experience in solving information security, privacy, and architectural issues across multiple industry sectors.

He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behavior.

Series information

The Psychology of Information Security is part of the Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.

Ensure the success of your security programs by understanding the psychology of information security. Buy this book today.

Publisher Resources

ISBN: 9781849287913