Managing an Information Security and Privacy Awareness and Training Program, Second Edition 2nd Edition

4.8 out of 5 stars 4 customer reviews
ISBN-13: 978-1439815458
ISBN-10: 1439815453

Editorial Reviews

Review

The first edition was outstanding. The new second edition is even better - an excellent textbook packed with sound advice and loads of tips to make your security awareness program pull its weight.… engaging and stimulating, easy to read yet at the same time thought-provoking. … chock-full of good ideas, not just theoretical concepts but solid practical advice that can be put to use immediately. A side effect is that there are lots of lists, tables and bullet points but they are well structured and succinctly summarize the key points. …an excellent reference text. Extensive appendices (130 pages) include sample awareness materials and plans, a security glossary, various checklist/questionnaires and references. This is the definitive and indispensable guide for information security and privacy awareness and training professionals, worth every cent. As with the first edition, we recommend it unreservedly.
—NoticeBored.com

This book is remarkable because it covers in detail all the facets of providing effective security awareness training…I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner.
—Hal Tipton, from the Foreword

Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways … She demonstrates that security must become a part of job performance rather than being in conflict with job performance… The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training … After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation.
—Donn B. Parker, CISSP, from the Preface

Rebecca Herold, an independent computer security advisor, knows privacy. Not all security consultants do. In her latest book, Managing an Information Security and Privacy Awareness and Training Program, Herold has collected her best advice.
—Privacy Journal

… perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
—Journal of Productive Innovation

About the Author

Herold is a freelance writer and a trusted information security expert with over 12 years of information security experience. She has developed the corporate privacy program for a major multinational financial corporation. As a consultant, she has helped organizations to identify gaps with privacy-related legislation and laws, and has helped them to create and implement strategies and plans to meet compliance.

Product Details

  • Hardcover: 568 pages
  • Publisher: CRC Press; 2 edition (August 24, 2010)
  • Language: English
  • ISBN-10: 1439815453
  • ISBN-13: 978-1439815458
  • Product Dimensions: 6.1 x 1.2 x 9.2 inches
  • Shipping Weight: 2.1 pounds
  • Average Customer Review: 4.8 out of 5 stars (4 customer reviews)
  • Amazon Best Sellers Rank: #1,412,103 in Books

Customer Reviews

  • 5 star: 75%
  • 4 star: 25%
  • 3 star: 0%
  • 2 star: 0%
  • 1 star: 0%

Top Customer Reviews

By L. Brennan on January 25, 2011
Format: Hardcover Verified Purchase
This book is a must-read for anyone building an information security awareness program. Ms. Herold lays out a fantastic game plan for security awareness for not only the sake of information security, but to meet regulatory compliance as well. For me, this book was used as a reference guide. When I was tasked with developing and improving upon an already existing security awareness program, I used many tactics right from this book. The concept of measuring the effectiveness of the program throughout is woven throughout this book. Being able to show the effectiveness of an information security awareness program is important in the best of times, but as budgets shrink metrics become absolutely critical.
Format: Hardcover Verified Purchase
Rebecca Herold is one of the leading authorities and experts on privacy and information security awareness training. What sets her apart beyond her extensive background in computer science is that of an educator. She is particularly focused on the adult learner and what motivates them. Unfortunately, Privacy and Information Security Awareness training is too often relegated to security specialists who typically do not have a clue on how to effectively develop or manage a program for training users. Treated as just another policy or regulatory mandate that needs to be checked off, it's tasked to an already overburdened security professional. No wonder what often develops is a generic program with no relevance to the organization or the employee's role. Or even worse, a "Death by PowerPoint" slideshow masquerading as training.

With all that said, it's understandable. Given today's budget constraints and other demands it's not always possible to develop an awareness program tailored to your organization and its particular users and needs. However, responsible organizations still need to perform the due diligence necessary to evaluate the most appropriate options and deliver the best program possible. If you are committed to this goal there is no better resource than Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold.

While Ms. Herold does not provide detailed content on privacy and information security awareness (although the book is overflowing with references to such material) it does provide an incredibly comprehensive framework for developing and managing a program.
Format: Hardcover
Rebecca Herold introduces her own book very eloquently: "I wrote this book to provide a starting point and an all-in-one resource for information security and privacy education practitioners. I incorporated much of the information and knowledge I obtained while working on my MA in computer science and education as applicable to providing education to adult learners. Additionally, I included the same type of information that I have used and found helpful over the years when creating awareness and training programs ... My goal was to provide a more comprehensive resource of everything involved with managing an information security and privacy training and awareness program than I had been able to find - a reference for practitioners to go to when implementing any part of their education program and get ideas that will help them be successful with their own program."

The book explains the techniques for raising awareness and training employees on a wide range of information security and privacy topics. The entire 'lifecycle' of a security awareness program is covered: program initiation - gaining executive sponsorship and support for the value of, and necessity for, a security and privacy awareness program (e.g. to satisfy legislative and regulatory compliance obligations); program design, delivery and execution - identifying target groups and topics to cover, methods of delivery/communications including motivational techniques, sources of awareness materials etc.; program management and review - hints about planning, controlling and evaluating an ongoing (rolling, continuous) security and privacy awareness program, ensuring that it remains on-track and effective.
Format: Hardcover
There is one individual who always has our security and privacy interests first and foremost: Rebecca Herold. Recognized as one of the "Top Influencers in IT Security," one of the "Best Privacy Advisors in the World," and holder of five professional certificates (CIPP, CISM, CISA, CISSP, FLMI), Rebecca is an internationally-known author, blogger, instructor, and consultant specializing in information security, privacy, and compliance.

Rebecca's book, Managing an Information Security and Privacy Awareness and Training Program (2nd Edition) is the definitive read on the subject, but it isn't just for infosec professionals. It offers a wealth of data for professionals in all business units in addition to techies because as Hal Tipton wrote in the foreword, "Information security is now realized by many experts to be more of a people problem than a technical one."

The key is that information security and privacy awareness must become part of an individual's job - something that becomes second nature like effective time management practices. When employees become lax or leaders stop focusing on the importance of information security and privacy, well, we don't want to remind ourselves what happened recently with Epsilon, Sony, Sega, and Citigroup.

Also, the information must be clear and engaging. If it is complex, employees will avoid reading the information like the plague. As Rebecca suggests, "Make it easy for personnel to get security and privacy information, and make the information easy to understand...[And] the most important aspect to remember is that security awareness is ongoing and not just an event to do once." Bottom line: make information security and privacy awareness training a regular occurrence.