One of the biggest cyber security mistakes that organisations make is to focus on technological issues rather than the vulnerabilities introduced by employees.
As a result, some of the most common causes of data breach are neglected, exposing organisations to significant security threats.
But with The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour, Leron Zinatullin redresses that balance.
Using real-world examples, he looks at the role individuals play in an organisation’s information security strategy.
Zinatullin looks at the issue from both end users’ and security professionals’ perspectives, helping readers understand the effects human behaviour has on their work environment.
As he’s our March author of the month, let’s take a closer look at how Leron Zinatullin’s book can help secure your organisation.
Who is Leron Zinatullin?
Leron Zinatullin is a risk consultant specialising in security strategy, management and delivery.
After obtaining an MSc in information security from University College London, where he focused on the human aspects of security risks, Zinatullin has gone on to lead large-scale projects for organisations across the globe.
He has translated that experience into The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour.
“I wrote this book to help security professionals and people who are interested in a career in cyber security to do their job better,” he said.
“Not only do we need to help manage cyber security risks, but also communicate effectively in order to be successful. To achieve this, I suggest starting by understanding the wider organisational context of what we are protecting and why.”
Receive 15% off The Psychology of Information Security throughout March by ordering from the IT Governance Publishing website, and entering the voucher code Leron15.
The Psychology of Information Security
In The Psychology of Information Security, Zinatullin takes a unique look at information security, considering it from the opposing viewpoints of security professionals and end users.
They each play an essential – not to mention interdependent – role in an organisation’s ability to prevent data breaches, with security professionals implementing controls and end users tasked with following them.
As such, organisations must develop a coherent approach between the level of security provided and employees’ ability to continue operating. In other words, it’s no good having a flawless security measure if it stops your staff from doing their job.
Zinatullin’s book helps organisations strike this balance, providing recommendations on how organisations can align their security programme with wider organisational objectives.
As the author notes, “the language of the business and the language of information security are different, and it is the organisation’s responsibility to manage this translation effectively”.
As such, he advises that “a clear link should be preserved between business concerns and countermeasures so that security professionals can demonstrate the value they bring”.
That means understanding the roles that their colleagues play and the security measures that can help them do their job securely.
The latter issue is where many employees fall short. They are unlikely to be aware of the risks associated with their job, let alone how their behaviour affects those risks.
Teaching them those lessons – and getting them to adhere to them – is harder than it looks. And, for security professionals, it’s just as hard to understand why employees make mistakes and which measures are necessary to address these issues.
That’s why The Psychology of Information Security is such a valuable resource. Organisations can use its advice to create a security programme that considers the challenges faced by everybody.
The Psychology of Information Security is available in physical, eBook, ePub and Kindle formats. Find out which format is right for you with our handy guide.
Zinatullin currently works as a chief information security officer for an agile business operating in a highly regulated environment.
He is responsible for driving the cyber risk, resilience, governance and compliance agenda, adjusting to the needs of a dynamic and growing company.
He applies the principles discussed in the book to foster the culture of security and enhance behaviours through training, coaching and continuous improvement. Leron is also an advisor to startups helping them grow and innovate while managing cyber security risks.
You can find more of his advice at zinatullin.com.