- Hardcover: 568 pages
- Publisher: CRC Press; 2 edition (August 24, 2010)
- Language: English
- ISBN-10: 1439815453
- ISBN-13: 978-1439815458
- Product Dimensions: 6.1 x 1.2 x 9.2 inches
- Shipping Weight: 2.1 pounds
- Average Customer Review: 5 customer reviews
- Amazon Best Sellers Rank: #1,652,200 in Books
Managing an Information Security and Privacy Awareness and Training Program, Second Edition 2nd Edition
The first edition was outstanding. The new second edition is even better - an excellent textbook packed with sound advice and loads of tips to make your security awareness program pull its weight.… engaging and stimulating, easy to read yet at the same time thought-provoking. … chock-full of good ideas, not just theoretical concepts but solid practical advice that can be put to use immediately. A side effect is that there are lots of lists, tables and bullet points but they are well structured and succinctly summarize the key points. …an excellent reference text. Extensive appendices (130 pages) include sample awareness materials and plans, a security glossary, various checklist/questionnaires and references. This is the definitive and indispensable guide for information security and privacy awareness and training professionals, worth every cent. As with the first edition, we recommend it unreservedly.
This book is remarkable because it covers in detail all the facets of providing effective security awareness training…I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner.
―Hal Tipton, from the Foreword
Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways … She demonstrates that security must become a part of job performance rather than being in conflict with job performance… The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training … After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation.
―Donn B. Parker, CISSP, from the Preface
Rebecca Herold, an independent computer security advisor, knows privacy. Not all security consultants do. In her latest book, Managing an Information Security and Privacy Awareness and Training Program, Herold has collected her best advice.
… perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board.
―Journal of Productive Innovation
About the Author
Rebecca Herold, LLC, Van Meter, Iowa, USA
Top customer reviews
With all that said, it's understandable. Given today's budget constraints and other demands it's not always possible to develop an awareness program tailored to your organization and its particular users and needs. However, responsible organizations still need to perform the due diligence necessary to evaluate the most appropriate options and deliver the best program possible. If you are committed to this goal there is no better resource than Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold.
While Ms. Herold does not provide detailed content on privacy and information security awareness (although the book is overflowing with references to such material), the book does provide an incredibly comprehensive framework for developing and managing a program. It is broken down into 19 chapters and 22 appendices that provide relevant and detailed information on all aspects covering the why, what and how of managing an awareness program. Some key chapters include:
- Why Training and Awareness are Important (provides solid arguments in justifying a comprehensive program)
- Get Executive Support and Sponsorship
- Define Your Message
- Common Corporate Education Mistakes (must reading!!)
- Getting Started (excellent roadmap for any organization)
If you're looking to buttress an argument that privacy and information security awareness training is useful in reducing security incidents, the information in chapter 3 that outlines specific legal and regulatory requirements for doing so will drive your point home.
Although the book is comprehensive, it also serves as a useful quick reference. For instance, in chapter 14 on "Awareness Materials Design and Development" she includes over 250 Awareness ideas - from inviting guest speakers to talk about information security, to creating special fortune cookies with an information security awareness message. This list alone is worth the cost of the book for many organizations trying to come up with new and clever ideas to raise awareness.
Lastly, while this is not a book you will download to your Kindle for a read at the beach, it is very clear and well written. I did not find any significant errors, omissions or outdated information, which unfortunately is all too rare these days in books of this kind.
Forget trolling through myriads of blogs, magazine articles, websites and fluff-filled books. This book is the resource you need.
The book explains the techniques for raising awareness and training employees on a wide range of information security and privacy topics. The entire 'lifecycle' of a security awareness program is covered: program initiation - gaining executive sponsorship and support for the value of, and necessity for, a security and privacy awareness program (e.g. to satisfy legislative and regulatory compliance obligations); program design, delivery and execution - identifying target groups and topics to cover, methods of delivery/communications including motivational techniques, sources of awareness materials etc.; program management and review - hints about planning, controlling and evaluating an ongoing (rolling, continuous) security and privacy awareness program, ensuring that it remains on-track and effective.
As well as numerous changes throughout the text, the 2011 second edition incorporates a thought-provoking collection of 'leading practices', i.e. short papers from 'some of the most successful information security awareness and training practitioners' (besides Rebecca!), bringing the book bang up to date with current thinking. [Disclaimer: I wrote one of them]
Rebecca is extremely well qualified to write about security awareness. With long experience in the field, she has designed, built and delivered prize-winning security awareness programs, and has authored numerous books and articles. An MA in Computer Science and Education lends weight to her emphasis on providing educational materials to suit adult audiences rather than simply adopting techniques more suited to teaching schoolchildren.
At over 500 pages, this is no lightweight superficial textbook. As noted above, the coverage is comprehensive. Just for examples, the list of potential information security topics runs to 60 items explained in 18 pages. The coverage is reasonably even throughout with plenty of meaty content in every section. I can't think of any substantial improvements.
The book may be overwhelming to someone just starting out on their information security and privacy awareness program. The chapter on 'Getting started' is a great place to start, with details of how to identify key contacts, review the organization's existing approach to awareness and training, and a handy road-map that would serve as a good starting point for a high level project plan. The book is essential reading for more experienced information security professionals, especially those tasked with 'doing awareness'. Even seasoned security awareness practitioners like me will learn new things from this book: my first edition of the book is certainly well-thumbed.
Rebecca's writing style is engaging and stimulating, easy to read yet at the same time thought-provoking. The book is chock-full of good ideas, not just theoretical concepts but solid practical advice that can be put to use immediately. A side effect is that there are lots of lists, tables and bullet points but they are well structured and succinctly summarize the key points. When I'm stuck for awareness ideas, I know I'll almost always find something immediately useful in one or other of the lists: it's an excellent reference text.
Extensive appendices (130 pages) include sample awareness materials and plans, a security glossary, various checklist/questionnaires and references.
Conclusion: this is the definitive and indispensable guide for information security and privacy awareness and training professionals, worth every cent. As with the first edition, I recommend it unreservedly.