Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers Paperback – 23 Jan 2009
"...an engaging read." (Information Age, May 2009)
"I found the book enjoyable and easy to read. It is very informative, and gives good references" (Infosecurity, June 2009)
"For a big book – in size and in ambition – it's most readable." (Professional Security, September 2010)
From the Back Cover
"Computers do not commit crimes. People do."
The biggest threat to information security is the "human factor", the influence of people. Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem.
For the first time, this book brings together theories and methods which will help you to change and harness people's security behaviour. It will help you to:
- Understand and manage major crises and risk
- Appreciate the nature of the insider threat
- Navigate organization culture and politics
- Build better awareness programmes
- Transform user attitudes and behaviour
- Gain Executive Board buy-in
- Design management systems that really work
- Harness the power of your organization
Based on the author's own personal experience of working with large, complex organizations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals.
"We live in an age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. David takes a dry-as-dust elephant of a subject and expertly serves it up in edible, even tasty, morsels."
JP Rangaswami, Managing Director of BT Design
"A highly entertaining read that will undoubtedly become essential reading for all security professionals."
Professor Fred Piper
"I'm really interested in reading this book and, frankly, once it's published, I'll be one of the first to buy it."
Dr. Eugene Schultz, High Tower Software
Top customer reviews
In part this book is a distillation of the author's considerable experience in the field, and for that alone worth reading. In part it is a veritable tapas of food for thought, that moves from hypnosis to the power of networks and systems thinking as applied to information security.
I have one criticism and that is in the discussion of Disaster Recovery the underlying model of 'Command and Control' is presented without a counter. It would have been interesting to see the author discuss the Toyota-Aisin P-valve crisis (as cited in Duncan Watts's Six Degrees).
A very worthy addition to my bookshelf.
Most information security books have a couple of chapters on people and information security, e.g. awareness/training, etc. Do not be deceived into thinking this book is just about 'educating' people about security, although clearly this is covered.
David effectively turns upside down the subject of information security and talks about it in the organisational context that is driven by people. He pulls in organisational dynamics, cultures, politics, everything that can influence your effectiveness in any information security management role/project that you are involved in or driving. He places information security in a full context, i.e. the macro environment.
This book is not written in a theoretical style. It is written as though David Lacey is speaking with you direct; he writes as he speaks. This makes it easy to read.
I recommend this book to all professionals that practice information security management and even managers that are interested in the subject. It will stretch your mind, and answer many questions that you may have never thought to question or ask.
As an out and out techie, I wouldn't normally expect to find this topic very interesting; but in fact it's fascinating. It covers areas such as risk analysis, presentation skills, business cases and network theory.
I strongly recommend it to all information security professionals.