
Managing the Human Factor in Information Security: How to Win over Staff and Influence Business Managers


ISBN-10: 0470721995

ISBN-13: 9780470721995

Edition: 2009

Authors: David Lacey

List price: $50.00

With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and that project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

Book details

List price: $50.00
Copyright year: 2009
Publisher: John Wiley & Sons, Incorporated
Publication date: 2/24/2009
Binding: Paperback
Pages: 398
Size: 7.25" wide x 9.00" long x 1.00" tall
Weight: 1.848
Language: English

Power to the people
The power is out there - somewhere
An information rich world
When in doubt, phone a friend
Engage with the public
The power of the blogosphere
The future of news
Leveraging new ideas
Changing the way we live
Transforming the political landscape
Network effects in business
Being there
Value in the digital age
Hidden value in networks
Network innovations create security challenges
You've been de-perimeterized!
The collapse of information management
The shifting focus of information security
The external perspective
A new world of openness
A new age of collaborative working
Collaboration oriented architecture
Business in virtual worlds
Democracy - but not as we know it
Don't lock down that network
The future of network security
Can we trust the data?
The art of disinformation
The future of knowledge
The next big security concern
Learning from networks
Everyone makes a difference
Where to focus your efforts
The view from the bridge
The role of the executive board
The new threat of data leakage
The perspective of business management
The role of the business manager
Engaging with business managers
The role of the IT function
Minding your partners
Computer users
Customers and citizens
Learning from stakeholders
There's no such thing as an isolated incident
What lies beneath?
Accidents waiting to happen
No system is foolproof
Visibility is the key
A lesson from the safety field
Everyone makes mistakes
The science of error prevention
Swiss cheese and security
How significant was that event?
Events are for the record
When an event becomes an incident
The immediacy of emergencies
When disaster strikes
When events spiral out of control
How the response process changes
No two crises are the same
One size doesn't fit all
The limits of planning
Some assets are irreplaceable
It's the process, not the plan
Why crisis management is hard
Skills to manage a crisis
Dangerous detail
The missing piece of the jigsaw
Establish the real cause
Are you incubating a crisis?
When crisis management becomes the problem
Developing crisis strategy
Turning threats into opportunities
Boosting market capitalization
Anticipating events
Anticipating opportunities
Designing crisis team structures
How many teams?
Who takes the lead?
Ideal team dynamics
Multi-agency teams
The perfect environment
The challenge of the virtual environment
Protocols for virtual team working
Exercising the crisis team
Learning from incidents
Zen and the art of risk management
East meets West
The nature of risks
Who invented risk management?
We could be so lucky
Components of risk
Gross or net risk?
Don't lose sight of business
How big is your appetite?
It's an emotional thing
In the eye of the beholder
What risk was that?
Living in the past
Who created that risk?
It's not my problem
Size matters
Getting your sums right
Some facts are counter-intuitive
The loaded dice
The answer is 42
It's just an illusion
Context is king
Perception and reality
It's a relative thing
Risk, what risk?
Something wicked this way comes
The black swan
Double jeopardy
What type of risk?
Lessons from the process industries
Lessons from cost engineering
Lessons from the financial sector
Lessons from the insurance field
The limits of percentage play
Operational risk
Joining up risk management
General or specific?
Identifying and ranking risks
Using checklists
Categories of risks
It's a moving target
Comparing and ranking risks
Risk management strategies
Communicating risk appetite
Risk management maturity
There's more to security than risk
It's a decision support tool
The perils of risk assessment
Learning from risk management
Who can you trust?
An asset or a liability?
People are different
The rule of four
The need to conform
Understand your enemies
The face of the enemy
Run silent, run deep
Dreamers and charmers
The unfashionable hacker
The psychology of scams
Visitors are welcome
Where loyalties lie
Signs of disloyalty
The whistleblower
Stemming the leaks
Stamping out corruption
Know your staff
We know what you did
Reading between the lines
Liberty or death
Personality types
Personalities and crime
The dark triad
Cyberspace is less risky
Set a thief
It's a glamor profession
There are easier ways
I just don't believe it
Don't lose that evidence
They had it coming
The science of investigation
The art of interrogation
Secure by design
Science and snake oil
The art of hypnosis
The power of suggestion
It's just an illusion
It pays to cooperate
Artificial trust
Who are you?
How many identities?
Laws of identity
Learning from people
Managing organization culture and politics
When worlds collide
What is organization culture?
Organizations are different
Organizing for security
Tackling "localities"
Small is beautiful
In search of professionalism
Developing careers
Skills for information security
Information skills
Survival skills
Navigating the political minefield
Square pegs and round holes
What's in a name?
Managing relationships
Exceeding expectations
Nasty or nice
In search of a healthy security culture
In search of a security mindset
Who influences decisions?
Dealing with diversity
Don't take yes for an answer
Learning from organization culture and politics
Designing effective awareness programs
Requirements for change
Understanding the problem
Asking the right questions
The art of questionnaire design
Hitting the spot
Campaigns that work
Adapting to the audience
Memorable messages
Let's play a game
The power of three
Creating an impact
What's in a word?
Benefits not features
Using professional support
The art of technical writing
Marketing experts
Brand managers
Creative teams
The power of the external perspective
Managing the media
Behavioral psychologists
Blogging for security
Measuring your success
Learning to conduct campaigns
Transforming organization attitudes and behavior
Changing mindsets
Reward beats punishment
Changing attitudes
Scenario planning
Successful uses of scenarios
Dangers of scenario planning
Images speak louder
A novel approach
The balance of consequences
The power of attribution
Environments shape behavior
Enforcing the rules of the network
Encouraging business ethics
The art of online persuasion
Learning to change behavior
Gaining executive board and business buy-in
Countering security fatigue
Money isn't everything
What makes a good business case?
Aligning with investment appraisal criteria
Translating benefits into financial terms
Aligning with IT strategy
Achieving a decisive result
Key elements of a good business case
Assembling the business case
Identifying and assessing benefits
Something from nothing
Reducing project risks
Framing your recommendations
Mastering the pitch
Learning how to make the business case
Designing security systems that work
Why systems fail
Setting the vision
What makes a good vision?
Defining your mission
Building the strategy
Critical success factors for effective governance
The smart approach to governance
Don't reinvent the wheel
Look for precedents from other fields
Take a top down approach
Start small, then extend
Take a strategic approach
Ask the bigger question
Identify and assess options
Risk assessment or prescriptive controls?
In a class of their own
Not all labels are the same
Guidance for technology and people
Designing long-lasting frameworks
Applying the fourth dimension
Do we have to do that?
Steal with caution
The golden triangle
Managing risks across outsourced supply chains
Models, frameworks and architectures
Why we need architecture
The folly of enterprise security architectures
Real-world security architecture
The 5 W's (and one H)
Occam's razor
Trust architectures
Secure by design
Jericho Forum principles
Collaboration oriented architecture
Forwards not backwards
Capability maturity models
The power of metrics
Closing the loop
The importance of ergonomics
It's more than ease of use
The failure of designs
Ergonomic methods
A nudge in the right direction
Learning to design systems that work
Harnessing the power of the organization
The power of networks
Surviving in a hostile world
Mobilizing the workforce
Work smarter, not harder
Finding a lever
The art of systems thinking
Creating virtuous circles
Triggering a tipping point
Identifying key influencers
In search of charisma
Understanding fashion
The power of context
The bigger me
The power of the herd
The wisdom of crowds
Unlimited resources - the power of open source
Unlimited purchasing power
Let the network do the work
Why is everything getting more complex?
Getting to grips with complexity
Simple can't control complex
Designing freedom
A process-free world
The power of expressive systems
Emergent behavior
Why innovation is important
What is innovation?
What inspires people to create?
Just one idea is enough
The art of creative thinking
Yes, you can
Outside the box
Innovation environments
Turning ideas into action
Steps to innovation heaven
The road ahead
Mapping the future
Learning to harness the power of the organization
In conclusion