Information security is about people, yet in most organizations protection remains focused on technical countermeasures. The human element is crucial in the majority of successful attacks on systems and attackers are rarely required to find technical vulnerabilities, hacking the human is usually sufficient.Ian Mann turns the black art of social engineering into an information security risk that can be understood, measured and managed effectively. The text highlights the main sources of risk from social engineering and draws on psychological models to explain the basis for human vulnerabilities. Chapters on vulnerability mapping, developing a range of protection systems and awareness training provide a practical and authoritative guide to the risks and countermeasures that are available.There is a singular lack of useful information for security and IT professionals regarding the human vulnerabilities that social engineering attacks tend to exploit. Ian Mann provides a rich mix of examples, applied research and practical solutions that will enable you to assess the level of risk in your organization; measure the strength of your current security and enhance your training and systemic countermeasures accordingly. If you are responsible for physical or information security or the protection of your business and employees from significant risk, then "Hacking the Human" is a must-read.
Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Visit the Books Trade-In Store for more details. Learn more. |
Book Description
Frequently Bought Together
Product details
Would you like to update product info or give feedback on images?
|
More About the Author
Discover books, learn about writers, and more.
Product Description
Review
Full of ideas and angles that turn day-to-day security management on its head. For years the security business has ground away at technical issues that company boards don't understand...this book lays open the reality of 'real' security - the security that the CEO understands and worries about. So much about security these days is about fighting mythical hackers using ever-more expensive and poorly-understood gadgetry. As the UK's leading 'white hat' social engineer, Ian Mann has written the definitive text for anyone interested in actually protecting something. The book addresses the 'elephant in the room' that has quietly undermined so much of our efforts. In the past, this issue was used to justify not worrying about security - after all - no matter what we do with the firewalls, someone could just walk in through reception, right? This book sets that straight: Our biggest security worry can be addressed, and in a way that brings the whole subject to life. --Jon Pumfleet, Head of Information Security
About the Author
Ian Mann is Senior System Consultant with ECSC Ltd (www.ecsc.co.uk) a specialist information security consultancy. Ian has worked with a wide range of companies, including a number of leading financial institutions, to help them understand the risk from attacks by social engineers, and to develop effective countermeasures. He is also known for his presentations on the subject.
Inside This Book
(Learn More)
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
Most Helpful Customer Reviews
4 of 4 people found the following review helpful
By A J R
Format:Hardcover
As an information security professional of several years we have always focused on the technical controls to protect the data of an organisation, however the issues that occur in real-life occur in the people through either mistakes or malicious behaviour. It's a matter of when something will happen rather than if and that is where the book focuses.
This book looks at the forgotten child of the information security world, "the person". It goes through the vulnerabilities of them in detail with countless examples which when you read them will make you laugh, until you realise that this could happen in any organisation on any day. Have we ever seen anything go wrong from Information Security without a person interacting somewhere? It looks at the conditioning, the way people learn and their expectations and how easy it can be to prey on what they think.
Once it goes through the vulnerabilities of people it then starts to look at the solutions and the way to become people focused from an Information Security standpoint.
As a book it is a real eye-opener because it makes you stop and think about the vulnerabilities once all the technical controls have been put in place. If you are working within I.S. this book is a great guide as to how to align the people and reduce the risk of something embarrassing happening to you!
This book looks at the forgotten child of the information security world, "the person". It goes through the vulnerabilities of them in detail with countless examples which when you read them will make you laugh, until you realise that this could happen in any organisation on any day. Have we ever seen anything go wrong from Information Security without a person interacting somewhere? It looks at the conditioning, the way people learn and their expectations and how easy it can be to prey on what they think.
Once it goes through the vulnerabilities of people it then starts to look at the solutions and the way to become people focused from an Information Security standpoint.
As a book it is a real eye-opener because it makes you stop and think about the vulnerabilities once all the technical controls have been put in place. If you are working within I.S. this book is a great guide as to how to align the people and reduce the risk of something embarrassing happening to you!
3 of 3 people found the following review helpful
By P. M. Watson
Format:Hardcover
This book redresses the balance by examining an area of security which is often overlooked - you and me! - concentrating on that well known weakest link - people. It adds a new element to risk assessments, and provides numerous examples of how easily we can all fall victim to scams, which can undermine the many and costly technical controls which we deploy. The content balances the sometimes complex technical volumes aimed at developing our understanding of threats and vulnerabilities and how to control them. Such books on security tend to omit, or gloss over, the people factor - we are reminded that the strongest doors and technical controls are of little use if we do not ensure that the person we are dealing with is who they claim to be.
The author's dry sense of humour lightens the theory which helps the reader understand why criminals utilise such tactics, and how we are pre-programmed to fall for them. Some good reference material for anyone involved in security awareness training.
The author's dry sense of humour lightens the theory which helps the reader understand why criminals utilise such tactics, and how we are pre-programmed to fall for them. Some good reference material for anyone involved in security awareness training.
3 of 3 people found the following review helpful
Format:Hardcover
If you are responsible for information security then Hacking the Human makes a refreshing and thought provoking change from traditional security books which frequently focus on technical and physical countermeasures.
The author demonstrates the importance of risk assessing the often overlooked human vulnerability resident within our organisations. People (humans) are regularly targeted and deceived by social engineering techniques however there is very little useful information published for security and IT professionals regarding the exploitation of human vulnerabilities.
With plenty of examples and suggested mitigations this book is a well researched and authoritative guide to 'hacking the human' which will enable security professionals to make more informed security risk assessments.
Whether you get into the NLP content of the book or not you will think differently about your current security and its effectiveness when you realise it might just be bypassed by someone simply carrying a cup of coffee with an air of confidence!
The author demonstrates the importance of risk assessing the often overlooked human vulnerability resident within our organisations. People (humans) are regularly targeted and deceived by social engineering techniques however there is very little useful information published for security and IT professionals regarding the exploitation of human vulnerabilities.
With plenty of examples and suggested mitigations this book is a well researched and authoritative guide to 'hacking the human' which will enable security professionals to make more informed security risk assessments.
Whether you get into the NLP content of the book or not you will think differently about your current security and its effectiveness when you realise it might just be bypassed by someone simply carrying a cup of coffee with an air of confidence!
Would you like to see more reviews about this item?
›
Go to Amazon.com to see both reviews
5.0 out of 5 stars
Were these reviews helpful?
Let us know
Most Recent Customer Reviews
1.0 out of 5 stars
I didnt understand the title
I didnt really understand the title. I probably shouldnt have bought the book.
The title shouldnt have been so confusing.
The title shouldnt have been so confusing.
Published on 23 Jan 2011 by R N N
3.0 out of 5 stars
Disappointing
This book was a pretty big disappointment, especially with such a big price tag. The introduction starts off very promising but the remainder of the book fails to deliver. Read more
Published on 4 Feb 2009 by Mr. Matthew Anderson
Listmania!
|
|
Look for similar items by category
- Books > Business, Finance & Law > E-Commerce > Managers' Guides to Computing
- Books > Business, Finance & Law > Economics
- Books > Business, Finance & Law > Management > Information Management
- Books > Business, Finance & Law > Management > Management Skills > Communication & Presentation > Information Systems
- Books > Business, Finance & Law > Management > Management Skills > Leadership
- Books > Business, Finance & Law > Professional Finance
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
|
