Managing an Information Security and Privacy Awareness and Training Program (Hardcover)

Customers buy this book with Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education) by Ben Rothke

+

Price For Both: $64.53

Show availability and shipping details

• This item: Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold

  In Stock.
  Ships from and sold by Amazon.com.
  This item ships for FREE with Super Saver Shipping. Details
  

• Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education) by Ben Rothke

  In Stock.
  Ships from and sold by Amazon.com.
  Eligible for FREE Super Saver Shipping on orders over $25. Details
  

Security Education, Awareness and Training: SEAT from Theory to Practice by Carl Roper $57.95

Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith 4.6 out of 5 stars (20)  $31.49

CISSP Certification All-in-One Exam Guide, Fourth Edition by Shon Harris 4.2 out of 5 stars (31)  $50.39

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments by Douglas J. Landoll 5.0 out of 5 stars (4)  $75.07

The Ciso Handbook: A Practical Guide to Securing Your Company by Michael Gentile 5.0 out of 5 stars (3)  $63.16

› Explore similar items

Review
Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways…She demonstrates that security must become a part of job performance rather than being in conflict with job performance…

Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways…She demonstrates that security must become a part of job performance rather than being in conflict with job performance…

The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training…After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation.
Donn B. Parker, CISSP, from the Preface

The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training…After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation.
Donn B. Parker, CISSP, from the Preface

This book is remarkable because it covers in detail all the facets of providing effective security awareness training…I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner.
Hal Tipton, from the Foreword

This book is remarkable because it covers in detail all the facets of providing effective security awareness training…I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner.
Hal Tipton, from the Foreword

…perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
Journal of Productive Innovation, 2005
Rebecca Herold, an independent computer security advisor, knows privacy. Not all security consultants do. In her latest book, Managing an Information Security and Privacy Awareness and Training Program, Herold has collected her best advice…Perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
- Privacy Journal

…perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
Journal of Productive Innovation, 2005
Rebecca Herold, an independent computer security advisor, knows privacy. Not all security consultants do. In her latest book, Managing an Information Security and Privacy Awareness and Training Program, Herold has collected her best advice…Perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
- Privacy Journal

Product Description
Managing an Information Security and Privacy Awareness and Training Program provides a starting point and an all-in-one resource for infosec and privacy education practitioners who are building programs for their organizations. The author applies knowledge obtained through her work in education, creating a comprehensive resource of nearly everything involved with managing an infosec and privacy training course. This book includes examples and tools from a wide range of businesses, enabling readers to select effective components that will be beneficial to their enterprises. The text progresses from the inception of an education program through development, implementation, delivery, and evaluation.

See all Editorial Reviews

First Sentence:
It is worthwhile to take a brief look at workplace training and awareness history. Read the first page Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
effectiveness evaluation framework, job appraisal process, customer privacy issues, evaluation average rating, privacy incidents, awareness logos, privacy champions, privacy training, privacy awareness, customer privacy policies, privacy newsletters, obtain executive sponsorship, privacy icon, privacy manager, daily job responsibilities, privacy efforts, privacy activities, privacy objectives, security awareness program, privacy topics, privacy education, corporate information security, privacy roles, privacy goals, information security awareness Key Phrases - Capitalized Phrases (CAPs): (learn more)
Data Collection Method, Instruments Data Sources, Computer Security Institute, Melissa Guenther, Awareness Example, Training Example, Broad Program Objective, Privacy Act, Special Publication, Demographic Information, Evaluate Education Effectiveness, International Computer Security Day, Size Delivery Method, Common Corporate Education Mistakes, False Question, Knowledge Generation, Ponemon Institute, Today's Date New!
Books on Related Topics | Concordance | Text Stats Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!

Search Inside This Book:

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

6 Reviews 5 star:  (5) 4 star:  (1) 3 star:    (0) 2 star:    (0) 1 star:    (0)           Average Customer Review 4.8 out of 5 stars (6 customer reviews)		Share your thoughts with other customers: Create your own review
Most Helpful Customer Reviews   16 of 16 people found the following review helpful: 5.0 out of 5 stars THE Definitive Book on Information Security Practice, July 24, 2005 By  Dr. Stephenson - See all my reviews I'll begin by saying that I have two broad comments about Ms. Herold's new book, Managing an Information Security and Privacy Awareness and Training Program. First, it may be the definitive book on the topic and seems to have enough meat to be the definitive book on the practice of information security in general. It approaches the profession in the right way: people-oriented. That is rare and important. Second, I actually read it from cover to cover - a rare thing for me. Professional books usually find their ways to my reference library and are used mostly for that purpose, not for general reading. In the over twenty years I have been in the information security profession I have seen a lot of approaches to managing the security of organizational information. There is one common thread that ties all of those approaches together. The successful ones address the people who use and manage that information. Technology simply is a collection of tools to assist the information assurance manager with the task. It has been said that there are management solutions to technical problems but no technical issues to management problems. Ms. Herold addresses this homily head-on and does it with style, personality and skill. Her experience shows as does the commentary from two icons in our profession, Donn Parker and Hal Tipton. If you have any questions about whether you should buy this book, read their comments in the Preface and Forward. I have known Becky for many years and I respect her skill, experience and ability to present important issues clearly, concisely and understandably. Her latest book does all that and more. If I was told that I was moving to a new office and could take only two boxes of books with me from my library, I would fill both with technical books but I would leave space for the only two general books on information assurance I will ever need. One is "The Computer Security Handbook" edited by my good friend and long-time colleague Dr. Mich Kabay. The other would have to be "Managing an Information Security and Privacy Awareness and Training Program". It would take more than the two boxes to cover technical issues in security, but I could put Mich's and Becky's books in my brief case. Then I would have the perfect security library. This book is highly recommended for any information assurance professional (or aspiring professional), manager with information assurance responsibilities, or training coordinator. I'm sure there are others who need this new offering as well, but Amazon only allows so much space for these reviews. I also will be highly recommend this book to our students in the MSIA program at Norwich. Peter R. Stephenson, PhD, CISSP, CISM, FICAF Associate Program Director, MSIA Norwich University Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)   6 of 6 people found the following review helpful: 5.0 out of 5 stars At last - a security awareness book worth recommending!, January 1, 2006 By  Dr. G. Hinson "NoticeBored.com" (New Zealand) - See all my reviews (REAL NAME)    The author introduces her book very eloquently: "I wrote this book to provide a starting point and an all-in-one resource for information security and privacy education practitioners. I incorporated much of the information and knowledge I obtained while working on my MA in computer science and education as applicable to providing education to adult learners. Additionally, I included the same type of information that I've used and found helpful over the years when creating awareness and training programs ... My goal was to provide a more comprehensive resource of everything involved with managing an information security and privacy training and awareness program than I had been able to find - a reference for practitioners to go to when implementing any part of their education program and get ideas that will help them be successful with their own program." The entire `lifecycle' of a security awareness program is covered from program design (e.g. why awareness is important, legal and regulatory requirements and even `how not to do it') through program delivery and execution (getting started, gaining executive sponsorship and budget, topics to cover, methods of delivery/communications and motivational techniques, incorporating awareness into job responsibilities etc.) to program management (hints about planning, controlling and reporting progress) and program review (how to check that your program remains on-track and effective). The book may appear overwhelming to someone just starting out on their information security and privacy awareness although it is not compulsory to read the entire book cover-to-cover in one sitting (tempting though that may be!). The chapter on `Getting started' is recommended reading, with details of how to identify key contacts, review the organization's existing approach to awareness and training, and a handy road-map that would serve as a good high level project plan. For more experienced information security professionals, and especially those considering or tasked with `doing awareness', this book is a must-read. Even seasoned security awareness practitioners would likely learn new things from this book, at least I did and suspect my copy will become well-thumbed in the months and years ahead. The coverage is reasonably even throughout with plenty of meaty content in every section. The writing style is engaging, quite easy to read yet at the same time stimulating and thought provoking. The book is crammed full of good ideas, not just theoretical concepts but solid practical advice that can be put to use immediately. It really is hard to think of any way the book could have been better - praise indeed if you have read any of my reviews of other security awareness books. This really *is* the definitive guide - a wonderful book for practitioners in our field, one I'm happy to recommend unreservedly. Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)   5 of 5 people found the following review helpful: 5.0 out of 5 stars The definitive reference on creating an information security, May 16, 2005 By  Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)    Managing an Information Security and Privacy Awareness and Training Program is without a doubt the definitive reference on creating an information security awareness program Behind most information security problems are users who are untrained in security or unaware of the security risks. Millions of dollars of firewalls and cryptography can be bypassed by an unaware end-user. Managing an Information Security and Privacy Awareness and Training Program is a tremendous book that can be used as a foundation for an effective and comprehensive information security awareness program. The book contains the fundamental and metrics of why you need an awareness program, and everything you need to set up such a program. The book is filled with good and advice and direction. Chapter 14 contains 143 methods for effective awareness. The other chapters provide equally effective information and advice. At 500 pages, this book contains everything you need to know about creating and setting up an effective awareness program and is highly recommended. Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this) Share your thoughts with other customers: Create your own review › See all 6 customer reviews...		Ad feedback   Most Recent Customer Reviews 5.0 out of 5 stars A Definitive Roadmap to building a credible and sustainable Information Security and Privacy Awareness and Training Program In this work, Rebecca Herold deftly lays out a framework that is easy to follow and comprehensive. She has skilfully managed to compile material that would otherwise take a... Read more Published 14 months ago by Randolph J Waugh, I.S.P. ITILF... 5.0 out of 5 stars A great investment in your awareness program If your organization is considering a security or privacy awareness program, this book will pay for itself many times over. Read more Published 22 months ago by D. J. Lineman 4.0 out of 5 stars Good, but too long I am not a friend nor acquaintance of Ms. Herold. I believe this is a good book on Awareness Training and would recommend it to professionals in that field and to security... Read more Published on January 14, 2006 by F. Scholl Search Customer Reviews Only search this product's reviews › See all 6 customer reviews...

• Books > Business & Investing > Management & Leadership > Leadership
• Books > Business & Investing > Management & Leadership > Management
• Books > Computers & Internet > Business & Culture > Manager's Guides to Computing
• Books > Computers & Internet > Business & Culture > Privacy
• Books > Computers & Internet > Certification Central > Exams > Security+
• Books > Computers & Internet > Networking > Network Security