Managing the Human Factor in Information Security and over 2 million other books are available for Amazon Kindle . Learn more

Sign in to turn on 1-Click ordering.
Trade in Yours
For a 2.32 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Start reading Managing the Human Factor in Information Security on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers [Paperback]

David Lacey
4.8 out of 5 stars  See all reviews (5 customer reviews)
RRP: 29.99
Price: 25.00 & FREE Delivery in the UK. Details
You Save: 4.99 (17%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 6 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 3 Sept.? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Kindle Edition 22.79  
Paperback 25.00  
Unknown Binding --  
Trade In this Item for up to 2.32
Trade in Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers for an Amazon Gift Card of up to 2.32, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

23 Jan 2009 0470721995 978-0470721995 1
With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years′ experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real–world examples throughout, this is a must–have guide for security and IT professionals.

Frequently Bought Together

Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers + Security Risk Management: Building an Information Security Risk Management Program from the Ground Up + The Basics of Information Security
Price For All Three: 64.81

Buy the selected items together

Product details

  • Paperback: 384 pages
  • Publisher: John Wiley & Sons; 1 edition (23 Jan 2009)
  • Language: English
  • ISBN-10: 0470721995
  • ISBN-13: 978-0470721995
  • Product Dimensions: 23 x 19 x 2 cm
  • Average Customer Review: 4.8 out of 5 stars  See all reviews (5 customer reviews)
  • Amazon Bestsellers Rank: 293,677 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description


" engaging read." (Information Age, May 2009) "I found the book enjoyable and easy to read. It is very informative, and gives good references" (Infosecurity, June 2009) ‘For a big book–in size and in ambition– it’s most readable.’  (Professional Security, September 2010).

From the Back Cover

“Computers do not commit crimes. People do.” The biggest threat to information security is the “human factor”, the influence of people. Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem. For the first time, this book brings together theories and methods which will help you to change and harness people’s security behaviour. It will help you to: Understand and manage major crises and risk Appreciate the nature of the insider threat Navigate organisation culture and politics Build better awareness programmes Transform user attitudes and behaviour Gain Executive Board buy–in Design management systems that really work Harness the power of your organisation Based on the author’s own personal experience of working with large, complex organisations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals. “We live in am age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. David takes a dry–as–dust elephant of a subject and expertly serves it up in edible, even tasty, morsels.” JP Rangaswami, Managing Director of BT Design. “A highly entertaining read that will undoubtedly become essential reading for all security professionals.” Professor Fred Piper “I’m really interested in reading this book and, frankly, once it’s published, I’ll be one of the first to buy it.” Dr. Eugene Schultz, High Tower Software

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

3 star
2 star
1 star
4.8 out of 5 stars
4.8 out of 5 stars
Most Helpful Customer Reviews
1 of 1 people found the following review helpful
5.0 out of 5 stars Power to the People 10 Aug 2009
This is an excellent book that deserves to be widely read, not just by information security professionals, but by any one with an interest in understanding the human factors in other 'information' disciplines.

In part this book is a distillation of the author's considerable experience in the field, and for that alone worth reading. In part it is a veritable tapas of food for thought, that moves from hypnosis to the power of networks and systems thinking as applied to information security.

I have one criticism and that is in the discussion of Disaster Recovery the underlying model of 'Command and Control' is presented without a counter. It would have been interesting to see the author discuss the Toyota-Aisin P-valve crisis (as cited in Duncan Watt's Six Degrees).

A very worthy addition to my bookshelf.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars Comprehensive, thought provoking and fun 31 Mar 2009
Format:Paperback|Verified Purchase
This is a wide ranging and thought provoking book covering the human factor in information security.

As an out and out techie, I wouldn't normally expect to find this topic very interesting; but in fact it's fascinating. It covers areas such as risk analysis, presentation skills, business cases and network theory.

I strongly recommend it to all information security professionals.
Comment | 
Was this review helpful to you?
4.0 out of 5 stars ANOTHER BOOK FOR GRANDSON AT UNI 30 Oct 2013
Format:Paperback|Verified Purchase
4 STARS ......would be five stars if I could understand it....and grandson is over the moon because he now has all the books needed for his final year. Neither he nor his parents could afford to buy these...very in depth and a lot of 'speak' I'd never understand.....but he does and he is determined to do the best he can. We also bear in mind that once this final yearis finished he could think about selling them on to other students --- at uni or through Amazon. This last year we ve always depended on Amazon and it couldn't have been easier. Thankyou again Amazon
Comment | 
Was this review helpful to you?
I read this book from cover-to-cover so as not to miss any 'pearls of wisdom' that David has to share with his readers. One could just as naturally use this as a reference book.

Most information security books have a couple of chapters on people and information security, e.g. awareness/training, etc. Do not be deceived into thinking this book is just about 'educating' people about security, although clearly this is covered.

David effectivley turns upsidedown the subject of information security and talks about it in the organisational context that is driven by people. He pulls in organisational dynamics, cultures, politics, everything that can influence your effectiveness in any information security management role/project that you are involved in or driving. He places information security in a full context, i.e. the macro environment.

This book is not written in a theoretical style. It is written as though David Lacey is speaking with you direct, he writes as he speaks. This makes it easy to read.

I recommend this book to all professionals that practice information security management and even managers that are interested in the subject. It will stretch your mind, and answer many questions that you may have never thought to question or ask.
Comment | 
Was this review helpful to you?
1 of 2 people found the following review helpful
5.0 out of 5 stars A SURPRISINGLY GOOD READ 14 Feb 2009
A well-written, varied and very informative book which will appeal to a wide range of business readers.
Comment | 
Was this review helpful to you?
Would you like to see more reviews about this item?
Were these reviews helpful?   Let us know
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category