With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.
Managing the Human Factor in Information Security
and over one million other books are available for Amazon Kindle.
Learn more
FREE Two-Day Shipping for students on millions of items. Learn more |
| |||||||||||||||
Ace your tech certification test with resources from Certification Central. Get guides for a full range of certifications--from CCNA and SQL server to PMP and Network+. Explore more. |
Book Description
Special Offers and Product Promotions
- Buy $50 in qualifying physical textbooks, get $2 in Amazon MP3 Credit. Here's how (restrictions apply)
Frequently Bought Together
Editorial Reviews
Review
"...an engaging read." (Information Age, May 2009) "I found the book enjoyable and easy to read. It is very informative, and gives good references" (Infosecurity, June 2009) ‘For a big book-in size and in ambition- it's most readable.' (Professional Security, September 2010).
From the Back Cover
“Computers do not commit crimes. People do.”
The biggest threat to information security is the “human factor”, the influence of people. Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem.
For the first time, this book brings together theories and methods which will help you to change and harness people’s security behaviour. It will help you to:
- Understand and manage major crises and risk
- Appreciate the nature of the insider threat
- Navigate organisation culture and politics
- Build better awareness programmes
- Transform user attitudes and behaviour
- Gain Executive Board buy-in
- Design management systems that really work
- Harness the power of your organisation
Based on the author’s own personal experience of working with large, complex organisations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals.
“We live in am age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. David takes a dry-as-dust elephant of a subject and expertly serves it up in edible, even tasty, morsels.” JP Rangaswami, Managing Director of BT Design.
“A highly entertaining read that will undoubtedly become essential reading for all security professionals.” Professor Fred Piper
“I’m really interested in reading this book and, frankly, once it’s published, I’ll be one of the first to buy it.” Dr. Eugene Schultz, High Tower Software
Product Details
Would you like to update product info or give feedback on images?
|
More About the Author
Discover books, learn about writers, read author blogs, and more.
Customer Reviews
Most Helpful Customer Reviews
1 of 1 people found the following review helpful
Format:Paperback|Amazon Verified Purchase
This book concerns the influence of people in protecting information assets. As such, although not explicitly stated in the text, it appears to be aimed primarily at information security managers and other infosec professionals.
As the author himself puts it in the introduction, "This book aims to identify and make sense of the wide range of human an organizational challenges that we face in managing security in today's networked world. It provides helpful advice on how to manage incidents and risks, design and sell management systems, promote security awareness, change attitudes and behavior, and how to leverage the power of social networks to get the best out [of] the organization."
David Lacey is a greybeard, an experienced security guru. He has worked in information security for more than two decades for the Royal Dutch/Shell Group, the Royal Mail/The Post Office Group and the UK Foreign and Commonwealth Office and is now consulting. He was a founder member of the Jericho Forum, and essentially wrote the first version of BS7799 that was based on Shell's security manual. He uses situations at these organizations as examples to illustrate most of the points he makes in the book. The illustrations are insightful and worthwhile, but sometimes I wished for examples from other organizations and perhaps even counter-examples: if David ever writes a second edition, I for one would love to contribute some of my work experiences and I'm convinced the book would have benefited from a wider range of inputs from additional experienced authors. That said, it is a admirable feat for one person to have written such a comprehensive treatise alone.
`Managing the human factors' scores highly on both breadth and depth. It covers a surprisingly wide range of topics relating to the human aspects of information security, mostly from management and operational perspectives, with some governance points relating to the organization of the information security management function. The book has depth too, while remaining generally pragmatic rather than theoretic or academic in style. It does not dip far into the science of human behavior, for example. It is not a psychology textbook.
Each chapter concludes with an excellent summary of the key points covered - not just the semi-automated content extraction or regurgitation that we often read elsewhere but a thoughtful and succinct consolidation of the main issues. These sections are titled `Learning from ...' with good reason: these are indeed the learning points, and equally serve as a reminder of the content of each chapter when the reader takes the book back off the shelf later.
The book might have benefited from more discussion of psychology, perhaps exploring the intriguing psychological profile of the "typical" hacker or fraudster (if there is such a beast) and the underground social networks used by the hacker and criminal communities, at least in the sense of `know your enemy'. Appreciating the motivations and ethical values of such adversaries informs information security risk assessments, and to some extent guides the prioritization of certain classes of information security control.
`Managing the human factor' is excellent value for money. I highly recommend it for all information security professionals, particularly CISOs and Information Security Managers who are not entirely comfortable with the social elements of information security, and for information security MSc students who want to boost their understanding in this area. The book is particularly valuable also for information security awareness and training professionals who necessarily deal with human factors on a daily basis, and need to understand how best to work with and influence their organizational cultures.
As the author himself puts it in the introduction, "This book aims to identify and make sense of the wide range of human an organizational challenges that we face in managing security in today's networked world. It provides helpful advice on how to manage incidents and risks, design and sell management systems, promote security awareness, change attitudes and behavior, and how to leverage the power of social networks to get the best out [of] the organization."
David Lacey is a greybeard, an experienced security guru. He has worked in information security for more than two decades for the Royal Dutch/Shell Group, the Royal Mail/The Post Office Group and the UK Foreign and Commonwealth Office and is now consulting. He was a founder member of the Jericho Forum, and essentially wrote the first version of BS7799 that was based on Shell's security manual. He uses situations at these organizations as examples to illustrate most of the points he makes in the book. The illustrations are insightful and worthwhile, but sometimes I wished for examples from other organizations and perhaps even counter-examples: if David ever writes a second edition, I for one would love to contribute some of my work experiences and I'm convinced the book would have benefited from a wider range of inputs from additional experienced authors. That said, it is a admirable feat for one person to have written such a comprehensive treatise alone.
`Managing the human factors' scores highly on both breadth and depth. It covers a surprisingly wide range of topics relating to the human aspects of information security, mostly from management and operational perspectives, with some governance points relating to the organization of the information security management function. The book has depth too, while remaining generally pragmatic rather than theoretic or academic in style. It does not dip far into the science of human behavior, for example. It is not a psychology textbook.
Each chapter concludes with an excellent summary of the key points covered - not just the semi-automated content extraction or regurgitation that we often read elsewhere but a thoughtful and succinct consolidation of the main issues. These sections are titled `Learning from ...' with good reason: these are indeed the learning points, and equally serve as a reminder of the content of each chapter when the reader takes the book back off the shelf later.
The book might have benefited from more discussion of psychology, perhaps exploring the intriguing psychological profile of the "typical" hacker or fraudster (if there is such a beast) and the underground social networks used by the hacker and criminal communities, at least in the sense of `know your enemy'. Appreciating the motivations and ethical values of such adversaries informs information security risk assessments, and to some extent guides the prioritization of certain classes of information security control.
`Managing the human factor' is excellent value for money. I highly recommend it for all information security professionals, particularly CISOs and Information Security Managers who are not entirely comfortable with the social elements of information security, and for information security MSc students who want to boost their understanding in this area. The book is particularly valuable also for information security awareness and training professionals who necessarily deal with human factors on a daily basis, and need to understand how best to work with and influence their organizational cultures.
0 of 3 people found the following review helpful
Format:Paperback
Until the author further elaborates on
"Social networks also present threats to
democracy in politics and business" (p. 32)
it's firm 3.
Please, post me on the development.
"Social networks also present threats to
democracy in politics and business" (p. 32)
it's firm 3.
Please, post me on the development.
Inside This Book
(learn more)
What Other Items Do Customers Buy After Viewing This Item?
Suggested Tags from Similar Products(What's this?)Be the first one to add a relevant tag (keyword that's strongly related to this product).
|
Customer Discussions
|
This product's forum
Active discussions in related forums
Search Customer Discussions
|
Related forums
|
Listmania!
|
|
So You'd Like to...
Look for Similar Items by Category
- Books > Business & Investing > Management & Leadership > Leadership
- Books > Computers & Technology > Business & Culture > Hacking
- Books > Computers & Technology > Business & Culture > Manager's Guides to Computing
- Books > Computers & Technology > Certification > CompTIA
- Books > Computers & Technology > Networking > Network Security
- Books > New & Used Textbooks > Business & Finance
- Books > New & Used Textbooks > Computer Science > Networking
