| |
| |
Acknowledgements | |
| |
| |
Foreword | |
| |
| |
Introduction | |
| |
| |
| |
Power to the people | |
| |
| |
The power is out there - somewhere | |
| |
| |
An information rich world | |
| |
| |
When in doubt, phone a friend | |
| |
| |
Engage with the public | |
| |
| |
The power of the blogosphere | |
| |
| |
The future of news | |
| |
| |
Leveraging new ideas | |
| |
| |
Changing the way we live | |
| |
| |
Transforming the political landscape | |
| |
| |
Network effects in business | |
| |
| |
Being there | |
| |
| |
Value in the digital age | |
| |
| |
Hidden value in networks | |
| |
| |
Network innovations create security challenges | |
| |
| |
You've been de-perimeterized! | |
| |
| |
The collapse of information management | |
| |
| |
The shifting focus of information security | |
| |
| |
The external perspective | |
| |
| |
A new world of openness | |
| |
| |
A new age of collaborative working | |
| |
| |
Collaboration oriented architecture | |
| |
| |
Business in virtual worlds | |
| |
| |
Democracy - but not as we know it | |
| |
| |
Don't lock down that network | |
| |
| |
The future of network security | |
| |
| |
Can we trust the data? | |
| |
| |
The art of disinformation | |
| |
| |
The future of knowledge | |
| |
| |
The next big security concern | |
| |
| |
Learning from networks | |
| |
| |
| |
Everyone makes a difference | |
| |
| |
Where to focus your efforts | |
| |
| |
The view from the bridge | |
| |
| |
The role of the executive board | |
| |
| |
The new threat of data leakage | |
| |
| |
The perspective of business management | |
| |
| |
The role of the business manager | |
| |
| |
Engaging with business managers | |
| |
| |
The role of the IT function | |
| |
| |
Minding your partners | |
| |
| |
Computer users | |
| |
| |
Customers and citizens | |
| |
| |
Learning from stakeholders | |
| |
| |
| |
There's no such thing as an isolated incident | |
| |
| |
What lies beneath? | |
| |
| |
Accidents waiting to happen | |
| |
| |
No system is foolproof | |
| |
| |
Visibility is the key | |
| |
| |
A lesson from the safety field | |
| |
| |
Everyone makes mistakes | |
| |
| |
The science of error prevention | |
| |
| |
Swiss cheese and security | |
| |
| |
How significant was that event? | |
| |
| |
Events are for the record | |
| |
| |
When an event becomes an incident | |
| |
| |
The immediacy of emergencies | |
| |
| |
When disaster strikes | |
| |
| |
When events spiral out of control | |
| |
| |
How the response process changes | |
| |
| |
No two crises are the same | |
| |
| |
One size doesn't fit all | |
| |
| |
The limits of planning | |
| |
| |
Some assets are irreplaceable | |
| |
| |
It's the process, not the plan | |
| |
| |
Why crisis management is hard | |
| |
| |
Skills to manage a crisis | |
| |
| |
Dangerous detail | |
| |
| |
The missing piece of the jigsaw | |
| |
| |
Establish the real cause | |
| |
| |
Are you incubating a crisis? | |
| |
| |
When crisis management becomes the problem | |
| |
| |
Developing crisis strategy | |
| |
| |
Turning threats into opportunities | |
| |
| |
Boosting market capitalization | |
| |
| |
Anticipating events | |
| |
| |
Anticipating opportunities | |
| |
| |
Designing crisis team structures | |
| |
| |
How many teams? | |
| |
| |
Who takes the lead? | |
| |
| |
Ideal team dynamics | |
| |
| |
Multi-agency teams | |
| |
| |
The perfect environment | |
| |
| |
The challenge of the virtual environment | |
| |
| |
Protocols for virtual team working | |
| |
| |
Exercising the crisis team | |
| |
| |
Learning from incidents | |
| |
| |
| |
Zen and the art of risk management | |
| |
| |
East meets West | |
| |
| |
The nature of risks | |
| |
| |
Who invented risk management? | |
| |
| |
We could be so lucky | |
| |
| |
Components of risk | |
| |
| |
Gross or net risk? | |
| |
| |
Don't lose sight of business | |
| |
| |
How big is your appetite? | |
| |
| |
It's an emotional thing | |
| |
| |
In the eye of the beholder | |
| |
| |
What risk was that? | |
| |
| |
Living in the past | |
| |
| |
Who created that risk? | |
| |
| |
It's not my problem | |
| |
| |
Size matters | |
| |
| |
Getting your sums right | |
| |
| |
Some facts are counter-intuitive | |
| |
| |
The loaded dice | |
| |
| |
The answer is 42 | |
| |
| |
It's just an illusion | |
| |
| |
Context is king | |
| |
| |
Perception and reality | |
| |
| |
It's a relative thing | |
| |
| |
Risk, what risk? | |
| |
| |
Something wicked this way comes | |
| |
| |
The black swan | |
| |
| |
Double jeopardy | |
| |
| |
What type of risk? | |
| |
| |
Lessons from the process industries | |
| |
| |
Lessons from cost engineering | |
| |
| |
Lessons from the financial sector | |
| |
| |
Lessons from the insurance field | |
| |
| |
The limits of percentage play | |
| |
| |
Operational risk | |
| |
| |
Joining up risk management | |
| |
| |
General or specific? | |
| |
| |
Identifying and ranking risks | |
| |
| |
Using checklists | |
| |
| |
Categories of risks | |
| |
| |
It's a moving target | |
| |
| |
Comparing and ranking risks | |
| |
| |
Risk management strategies | |
| |
| |
Communicating risk appetite | |
| |
| |
Risk management maturity | |
| |
| |
There's more to security than risk | |
| |
| |
It's a decision support tool | |
| |
| |
The perils of risk assessment | |
| |
| |
Learning from risk management | |
| |
| |
| |
Who can you trust? | |
| |
| |
An asset or a liability? | |
| |
| |
People are different | |
| |
| |
The rule of four | |
| |
| |
The need to conform | |
| |
| |
Understand your enemies | |
| |
| |
The face of the enemy | |
| |
| |
Run silent, run deep | |
| |
| |
Dreamers and charmers | |
| |
| |
The unfashionable hacker | |
| |
| |
The psychology of scams | |
| |
| |
Visitors are welcome | |
| |
| |
Where loyalties lie | |
| |
| |
Signs of disloyalty | |
| |
| |
The whistleblower | |
| |
| |
Stemming the leaks | |
| |
| |
Stamping out corruption | |
| |
| |
Know your staff | |
| |
| |
We know what you did | |
| |
| |
Reading between the lines | |
| |
| |
Liberty or death | |
| |
| |
Personality types | |
| |
| |
Personalities and crime | |
| |
| |
The dark triad | |
| |
| |
Cyberspace is less risky | |
| |
| |
Set a thief | |
| |
| |
It's a glamor profession | |
| |
| |
There are easier ways | |
| |
| |
I just don't believe it | |
| |
| |
Don't lose that evidence | |
| |
| |
They had it coming | |
| |
| |
The science of investigation | |
| |
| |
The art of interrogation | |
| |
| |
Secure by design | |
| |
| |
Science and snake oil | |
| |
| |
The art of hypnosis | |
| |
| |
The power of suggestion | |
| |
| |
It's just an illusion | |
| |
| |
It pays to cooperate | |
| |
| |
Artificial trust | |
| |
| |
Who are you? | |
| |
| |
How many identities? | |
| |
| |
Laws of identity | |
| |
| |
Learning from people | |
| |
| |
| |
Managing organization culture and politics | |
| |
| |
When worlds collide | |
| |
| |
What is organization culture? | |
| |
| |
Organizations are different | |
| |
| |
Organizing for security | |
| |
| |
Tackling "localities" | |
| |
| |
Small is beautiful | |
| |
| |
In search of professionalism | |
| |
| |
Developing careers | |
| |
| |
Skills for information security | |
| |
| |
Information skills | |
| |
| |
Survival skills | |
| |
| |
Navigating the political minefield | |
| |
| |
Square pegs and round holes | |
| |
| |
What's in a name? | |
| |
| |
Managing relationships | |
| |
| |
Exceeding expectations | |
| |
| |
Nasty or nice | |
| |
| |
In search of a healthy security culture | |
| |
| |
In search of a security mindset | |
| |
| |
Who influences decisions? | |
| |
| |
Dealing with diversity | |
| |
| |
Don't take yes for an answer | |
| |
| |
Learning from organization culture and politics | |
| |
| |
| |
Designing effective awareness programs | |
| |
| |
Requirements for change | |
| |
| |
Understanding the problem | |
| |
| |
Asking the right questions | |
| |
| |
The art of questionnaire design | |
| |
| |
Hitting the spot | |
| |
| |
Campaigns that work | |
| |
| |
Adapting to the audience | |
| |
| |
Memorable messages | |
| |
| |
Let's play a game | |
| |
| |
The power of three | |
| |
| |
Creating an impact | |
| |
| |
What's in a word? | |
| |
| |
Benefits not features | |
| |
| |
Using professional support | |
| |
| |
The art of technical writing | |
| |
| |
Marketing experts | |
| |
| |
Brand managers | |
| |
| |
Creative teams | |
| |
| |
The power of the external perspective | |
| |
| |
Managing the media | |
| |
| |
Behavioral psychologists | |
| |
| |
Blogging for security | |
| |
| |
Measuring your success | |
| |
| |
Learning to conduct campaigns | |
| |
| |
| |
Transforming organization attitudes and behavior | |
| |
| |
Changing mindsets | |
| |
| |
Reward beats punishment | |
| |
| |
Changing attitudes | |
| |
| |
Scenario planning | |
| |
| |
Successful uses of scenarios | |
| |
| |
Dangers of scenario planning | |
| |
| |
Images speak louder | |
| |
| |
A novel approach | |
| |
| |
The balance of consequences | |
| |
| |
The power of attribution | |
| |
| |
Environments shape behavior | |
| |
| |
Enforcing the rules of the network | |
| |
| |
Encouraging business ethics | |
| |
| |
The art of online persuasion | |
| |
| |
Learning to change behavior | |
| |
| |
| |
Gaining executive board and business buy-in | |
| |
| |
Countering security fatigue | |
| |
| |
Money isn't everything | |
| |
| |
What makes a good business case? | |
| |
| |
Aligning with investment appraisal criteria | |
| |
| |
Translating benefits into financial terms | |
| |
| |
Aligning with IT strategy | |
| |
| |
Achieving a decisive result | |
| |
| |
Key elements of a good business case | |
| |
| |
Assembling the business case | |
| |
| |
Identifying and assessing benefits | |
| |
| |
Something from nothing | |
| |
| |
Reducing project risks | |
| |
| |
Framing your recommendations | |
| |
| |
Mastering the pitch | |
| |
| |
Learning how to make the business case | |
| |
| |
| |
Designing security systems that work | |
| |
| |
Why systems fail | |
| |
| |
Setting the vision | |
| |
| |
What makes a good vision? | |
| |
| |
Defining your mission | |
| |
| |
Building the strategy | |
| |
| |
Critical success factors for effective governance | |
| |
| |
The smart approach to governance | |
| |
| |
Don't reinvent the wheel | |
| |
| |
Look for precedents from other fields | |
| |
| |
Take a top down approach | |
| |
| |
Start small, then extend | |
| |
| |
Take a strategic approach | |
| |
| |
Ask the bigger question | |
| |
| |
Identify and assess options | |
| |
| |
Risk assessment or prescriptive controls? | |
| |
| |
In a class of their own | |
| |
| |
Not all labels are the same | |
| |
| |
Guidance for technology and people | |
| |
| |
Designing long-lasting frameworks | |
| |
| |
Applying the fourth dimension | |
| |
| |
Do we have to do that? | |
| |
| |
Steal with caution | |
| |
| |
The golden triangle | |
| |
| |
Managing risks across outsourced supply chains | |
| |
| |
Models, frameworks and architectures | |
| |
| |
Why we need architecture | |
| |
| |
The folly of enterprise security architectures | |
| |
| |
Real-world security architecture | |
| |
| |
The 5 W's (and one H) | |
| |
| |
Occam's razor | |
| |
| |
Trust architectures | |
| |
| |
Secure by design | |
| |
| |
Jericho Forum principles | |
| |
| |
Collaboration oriented architecture | |
| |
| |
Forwards not backwards | |
| |
| |
Capability maturity models | |
| |
| |
The power of metrics | |
| |
| |
Closing the loop | |
| |
| |
The importance of ergonomics | |
| |
| |
It's more than ease of use | |
| |
| |
The failure of designs | |
| |
| |
Ergonomic methods | |
| |
| |
A nudge in the right direction | |
| |
| |
Learning to design systems that work | |
| |
| |
| |
Harnessing the power of the organization | |
| |
| |
The power of networks | |
| |
| |
Surviving in a hostile world | |
| |
| |
Mobilizing the workforce | |
| |
| |
Work smarter, not harder | |
| |
| |
Finding a lever | |
| |
| |
The art of systems thinking | |
| |
| |
Creating virtuous circles | |
| |
| |
Triggering a tipping point | |
| |
| |
Identifying key influencers | |
| |
| |
In search of charisma | |
| |
| |
Understanding fashion | |
| |
| |
The power of context | |
| |
| |
The bigger me | |
| |
| |
The power of the herd | |
| |
| |
The wisdom of crowds | |
| |
| |
Unlimited resources - the power of open source | |
| |
| |
Unlimited purchasing power | |
| |
| |
Let the network do the work | |
| |
| |
Why is everything getting more complex? | |
| |
| |
Getting to grips with complexity | |
| |
| |
Simple can't control complex | |
| |
| |
Designing freedom | |
| |
| |
A process-free world | |
| |
| |
The power of expressive systems | |
| |
| |
Emergent behavior | |
| |
| |
Why innovation is important | |
| |
| |
What is innovation? | |
| |
| |
What inspires people to create? | |
| |
| |
Just one idea is enough | |
| |
| |
The art of creative thinking | |
| |
| |
Yes, you can | |
| |
| |
Outside the box | |
| |
| |
Innovation environments | |
| |
| |
Turning ideas into action | |
| |
| |
Steps to innovation heaven | |
| |
| |
The road ahead | |
| |
| |
Mapping the future | |
| |
| |
Learning to harness the power of the organization | |
| |
| |
In conclusion | |