The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour
BIC: COMPUTING & INFORMATION TECHNOLOGY, COMPUTER SECURITY
BISAC: COMPUTERS / General, COMPUTERS / Security / General
Published: 26 Jan 2016
The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour considers information security from the seemingly opposing viewpoints of security professionals and end users to find the balance between security and productivity. It provides recommendations on aligning a security programme with wider organisational objectives, successfully managing change and improving security culture.
This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronising or prescriptive, making it an easy read with some very real practical takeaways.
Thom Langford, Chief Information Security Officer at Publicis Groupe
Leron approaches the subject from a psychological angle and will be appealing to both those of a non-technical and a technical background.
Dr David King, Visiting Fellow of Kellogg College, University of Oxford
Based on real-world examples, the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research, Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program.
Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters
Based on insights gained from academic research and interviews with UK-based security professionals from various sectors, The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.
The Psychology of Information Security redresses the balance by considering information security from both end users’ and security professionals’ perspectives. This will help you gain insight into security issues relating to human behaviour and understand how a security culture that puts risk into context promotes compliance.
Ensure the success of your security programme by understanding users' motivations.
1: Introduction to Information Security
2: Risk Management
3: The Complexity of Risk Management
4: Stakeholders and Communication
5: Information Security Governance
6: Problems with Policies
7: How Security Managers Make Decisions
8: How Users Make Decisions
9: Security and Usability
10: Security Culture
11: The Psychology of Compliance
12: Conclusion - Changing the Approach to Security
Analogy 1: Cake and Security
Analogy 2: Poker and Security