Managing the Human Factor in Information Security : How to Win over Staff and Influence Business Managers.

By: Lacey, DavidMaterial type: TextTextPublisher: New York : John Wiley & Sons, Incorporated, 2011Copyright date: ©2010Edition: 1st edDescription: 1 online resource (400 pages)Content type: text Media type: computer Carrier type: online resourceISBN: 9780470742082Subject(s): Computer crimes -- Prevention | Electronic data processing departments -- Security measures | Industries -- Security measures | Information technology -- Security measures | Management -- Employee participation | Management information systems -- Human factorsGenre/Form: Electronic books.Additional physical formats: Print version:: Managing the Human Factor in Information Security : How to Win over Staff and Influence Business ManagersDDC classification: 658.4/78 LOC classification: HF5548.37.L33 2009Online resources: Click to View
Contents:
Intro -- Managing the Human Factor in Information Security -- Contents -- Acknowledgements -- Foreword -- Introduction -- 1 Power to the people -- The power is out there . . . somewhere -- An information-rich world -- When in doubt, phone a friend -- Engage with the public -- The power of the blogosphere -- The future of news -- Leveraging new ideas -- Changing the way we live -- Transforming the political landscape -- Network effects in business -- Being there -- Value in the digital age -- Hidden value in networks -- Network innovations create security challenges -- You've been de-perimeterized! -- The collapse of information management -- The shifting focus of information security -- The external perspective -- A new world of openness -- A new age of collaborative working -- Collaboration-oriented architecture -- Business in virtual worlds -- Democracy . . . but not as we know it -- Don't lock down that network -- The future of network security -- Can we trust the data? -- The art of disinformation -- The future of knowledge -- The next big security concern -- Learning from networks -- 2 Everyone makes a difference -- Where to focus your efforts -- The view from the bridge -- The role of the executive board -- The new threat of data leakage -- The perspective of business management -- The role of the business manager -- Engaging with business managers -- The role of the IT function -- Minding your partners -- Computer users -- Customers and citizens -- Learning from stakeholders -- 3 There's no such thing as an isolated incident -- What lies beneath? -- Accidents waiting to happen -- No system is foolproof -- Visibility is the key -- A lesson from the safety field -- Everyone makes mistakes -- The science of error prevention -- Swiss cheese and security -- How significant was that event? -- Events are for the record.
When an event becomes an incident -- The immediacy of emergencies -- When disaster strikes -- When events spiral out of control -- How the response process changes -- No two crises are the same -- One size doesn't fit all -- The limits of planning -- Some assets are irreplaceable -- It's the process, not the plan -- Why crisis management is hard -- Skills to manage a crisis -- Dangerous detail -- The missing piece of the jigsaw -- Establish the real cause -- Are you incubating a crisis? -- When crisis management becomes the problem -- Developing a crisis strategy -- Turning threats into opportunities -- Boosting market capitalization -- Anticipating events -- Anticipating opportunities -- Designing crisis team structures -- How many teams? -- Who takes the lead? -- Ideal team dynamics -- Multi-agency teams -- The perfect environment -- The challenge of the virtual environment -- Protocols for virtual team working -- Exercising the crisis team -- Learning from incidents -- 4 Zen and the art of risk management -- East meets West -- The nature of risks -- Who invented risk management? -- We could be so lucky -- Components of risk -- Gross or net risk? -- Don't lose sight of business -- How big is your appetite? -- It's an emotional thing -- In the eye of the beholder -- What risk was that? -- Living in the past -- Who created that risk? -- It's not my problem -- Size matters -- Getting your sums right -- Some facts are counterintuitive -- The loaded dice -- The answer is 42 -- It's just an illusion -- Context is king -- Perception and reality -- It's a relative thing -- Risk, what risk? -- Something wicked this way comes -- The black swan -- Double jeopardy -- What type of risk? -- Lessons from the process industries -- Lessons from cost engineering -- Lessons from the financial sector -- Lessons from the insurance field -- The limits of percentage play.
Operational risk -- Joining up risk management -- General or specific? -- Identifying and ranking risks -- Using checklists -- Categories of risks -- It's a moving target -- Comparing and ranking risks -- Risk management strategies -- Communicating risk appetite -- Risk management maturity -- There's more to security than risk -- It's a decision support tool -- The perils of risk assessment -- Learning from risk management -- 5 Who can you trust? -- An asset or a liability? -- People are different -- The rule of four -- The need to conform -- Understand your enemies -- The face of the enemy -- Run silent, run deep -- Dreamers and charmers -- The unfashionable hacker -- The psychology of scams -- Visitors are welcome -- Where loyalties lie -- Signs of disloyalty -- The whistleblower -- Stemming the leaks -- Stamping out corruption -- Know your staff -- We know what you did -- Reading between the lines -- Liberty or death -- Personality types -- Personalities and crime -- The dark triad -- Cyberspace is less risky -- Set a thief -- It's a glamour profession -- There are easier ways -- I just don't believe it -- Don't lose that evidence -- They had it coming -- The science of investigation -- The art of interrogation -- Secure by design -- Science and snake oil -- The art of hypnosis -- The power of suggestion -- It's just an illusion -- It pays to cooperate -- Artificial trust -- Who are you? -- How many identities? -- Laws of identity -- Learning from people -- 6 Managing organization culture and politics -- When worlds collide -- What is organization culture? -- Organizations are different -- Organizing for security -- Tackling 'localitis' -- Small is beautiful -- In search of professionalism -- Developing careers -- Skills for information security -- Information skills -- Survival skills -- Navigating the political minefield.
Square pegs and round holes -- What's in a name? -- Managing relationships -- Exceeding expectations -- Nasty or nice -- In search of a healthy security culture -- In search of a security mindset -- Who influences decisions? -- Dealing with diversity -- Don't take yes for an answer -- Learning from organization culture and politics -- 7 Designing effective awareness programs -- Requirements for change -- Understanding the problem -- Asking the right questions -- The art of questionnaire design -- Hitting the spot -- Campaigns that work -- Adapting to the audience -- Memorable messages -- Let's play a game -- The power of three -- Creating an impact -- What's in a word? -- Benefits not features -- Using professional support -- The art of technical writing -- Marketing experts -- Brand managers -- Creative teams -- The power of the external perspective -- Managing the media -- Behavioural psychologists -- Blogging for security -- Measuring your success -- Learning to conduct campaigns -- 8 Transforming organization attitudes and behaviour -- Changing mindsets -- Reward beats punishment -- Changing attitudes -- Scenario planning -- Successful uses of scenarios -- Dangers of scenario planning -- Images speak louder -- A novel approach -- The balance of consequences -- The power of attribution -- Environments shape behaviour -- Enforcing the rules of the network -- Encouraging business ethics -- The art of on-line persuasion -- Learning to change behaviour -- 9 Gaining executive board and business buy-in -- Countering security fatigue -- Money isn't everything -- What makes a good business case? -- Aligning with investment appraisal criteria -- Translating benefits into financial terms -- Aligning with IT strategy -- Achieving a decisive result -- Key elements of a good business case -- Assembling the business case -- Identifying and assessing benefits.
Something from nothing -- Reducing project risks -- Framing your recommendations -- Mastering the pitch -- Learning how to make the business case -- 10 Designing security systems that work -- Why systems fail -- Setting the vision -- What makes a good vision? -- Defining your mission -- Building the strategy -- Critical success factors for effective governance -- The smart approach to governance -- Don't reinvent the wheel -- Look for precedents from other fields -- Take a top down approach -- Start small, then extend -- Take a strategic approach -- Ask the bigger question -- Identify and assess options -- Risk assessment or prescriptive controls? -- In a class of their own -- Not all labels are the same -- Guidance for technology and people -- Designing long-lasting frameworks -- Applying the fourth dimension -- Do we have to do that? -- Steal with caution -- The golden triangle -- Managing risks across outsourced supply chains -- Models, frameworks and architectures -- Why we need architecture -- The folly of enterprise security architectures -- Real-world security architecture -- The 5Ws (and one H) -- Occam's Razor -- Trust architectures -- Secure by design -- Jericho Forum principles -- Collaboration-oriented architecture -- Forwards not backwards -- Capability maturity models -- The power of metrics -- Closing the loop -- The importance of ergonomics -- It's more than ease of use -- The failure of designs -- Ergonomic methods -- A nudge in the right direction -- Learning to design systems that work -- 11 Harnessing the power of the organization -- The power of networks -- Surviving in a hostile world -- Mobilizing the workforce -- Work smarter, not harder -- Finding a lever -- The art of systems thinking -- Creating virtuous circles -- Triggering a tipping point -- Identifying key influencers -- In search of charisma -- Understanding fashion.
The power of context.
Summary: With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.
Tags from this library: No tags from this library for this title. Log in to add tags.
    Average rating: 0.0 (0 votes)
No physical items for this record

Intro -- Managing the Human Factor in Information Security -- Contents -- Acknowledgements -- Foreword -- Introduction -- 1 Power to the people -- The power is out there . . . somewhere -- An information-rich world -- When in doubt, phone a friend -- Engage with the public -- The power of the blogosphere -- The future of news -- Leveraging new ideas -- Changing the way we live -- Transforming the political landscape -- Network effects in business -- Being there -- Value in the digital age -- Hidden value in networks -- Network innovations create security challenges -- You've been de-perimeterized! -- The collapse of information management -- The shifting focus of information security -- The external perspective -- A new world of openness -- A new age of collaborative working -- Collaboration-oriented architecture -- Business in virtual worlds -- Democracy . . . but not as we know it -- Don't lock down that network -- The future of network security -- Can we trust the data? -- The art of disinformation -- The future of knowledge -- The next big security concern -- Learning from networks -- 2 Everyone makes a difference -- Where to focus your efforts -- The view from the bridge -- The role of the executive board -- The new threat of data leakage -- The perspective of business management -- The role of the business manager -- Engaging with business managers -- The role of the IT function -- Minding your partners -- Computer users -- Customers and citizens -- Learning from stakeholders -- 3 There's no such thing as an isolated incident -- What lies beneath? -- Accidents waiting to happen -- No system is foolproof -- Visibility is the key -- A lesson from the safety field -- Everyone makes mistakes -- The science of error prevention -- Swiss cheese and security -- How significant was that event? -- Events are for the record.

When an event becomes an incident -- The immediacy of emergencies -- When disaster strikes -- When events spiral out of control -- How the response process changes -- No two crises are the same -- One size doesn't fit all -- The limits of planning -- Some assets are irreplaceable -- It's the process, not the plan -- Why crisis management is hard -- Skills to manage a crisis -- Dangerous detail -- The missing piece of the jigsaw -- Establish the real cause -- Are you incubating a crisis? -- When crisis management becomes the problem -- Developing a crisis strategy -- Turning threats into opportunities -- Boosting market capitalization -- Anticipating events -- Anticipating opportunities -- Designing crisis team structures -- How many teams? -- Who takes the lead? -- Ideal team dynamics -- Multi-agency teams -- The perfect environment -- The challenge of the virtual environment -- Protocols for virtual team working -- Exercising the crisis team -- Learning from incidents -- 4 Zen and the art of risk management -- East meets West -- The nature of risks -- Who invented risk management? -- We could be so lucky -- Components of risk -- Gross or net risk? -- Don't lose sight of business -- How big is your appetite? -- It's an emotional thing -- In the eye of the beholder -- What risk was that? -- Living in the past -- Who created that risk? -- It's not my problem -- Size matters -- Getting your sums right -- Some facts are counterintuitive -- The loaded dice -- The answer is 42 -- It's just an illusion -- Context is king -- Perception and reality -- It's a relative thing -- Risk, what risk? -- Something wicked this way comes -- The black swan -- Double jeopardy -- What type of risk? -- Lessons from the process industries -- Lessons from cost engineering -- Lessons from the financial sector -- Lessons from the insurance field -- The limits of percentage play.

Operational risk -- Joining up risk management -- General or specific? -- Identifying and ranking risks -- Using checklists -- Categories of risks -- It's a moving target -- Comparing and ranking risks -- Risk management strategies -- Communicating risk appetite -- Risk management maturity -- There's more to security than risk -- It's a decision support tool -- The perils of risk assessment -- Learning from risk management -- 5 Who can you trust? -- An asset or a liability? -- People are different -- The rule of four -- The need to conform -- Understand your enemies -- The face of the enemy -- Run silent, run deep -- Dreamers and charmers -- The unfashionable hacker -- The psychology of scams -- Visitors are welcome -- Where loyalties lie -- Signs of disloyalty -- The whistleblower -- Stemming the leaks -- Stamping out corruption -- Know your staff -- We know what you did -- Reading between the lines -- Liberty or death -- Personality types -- Personalities and crime -- The dark triad -- Cyberspace is less risky -- Set a thief -- It's a glamour profession -- There are easier ways -- I just don't believe it -- Don't lose that evidence -- They had it coming -- The science of investigation -- The art of interrogation -- Secure by design -- Science and snake oil -- The art of hypnosis -- The power of suggestion -- It's just an illusion -- It pays to cooperate -- Artificial trust -- Who are you? -- How many identities? -- Laws of identity -- Learning from people -- 6 Managing organization culture and politics -- When worlds collide -- What is organization culture? -- Organizations are different -- Organizing for security -- Tackling 'localitis' -- Small is beautiful -- In search of professionalism -- Developing careers -- Skills for information security -- Information skills -- Survival skills -- Navigating the political minefield.

Square pegs and round holes -- What's in a name? -- Managing relationships -- Exceeding expectations -- Nasty or nice -- In search of a healthy security culture -- In search of a security mindset -- Who influences decisions? -- Dealing with diversity -- Don't take yes for an answer -- Learning from organization culture and politics -- 7 Designing effective awareness programs -- Requirements for change -- Understanding the problem -- Asking the right questions -- The art of questionnaire design -- Hitting the spot -- Campaigns that work -- Adapting to the audience -- Memorable messages -- Let's play a game -- The power of three -- Creating an impact -- What's in a word? -- Benefits not features -- Using professional support -- The art of technical writing -- Marketing experts -- Brand managers -- Creative teams -- The power of the external perspective -- Managing the media -- Behavioural psychologists -- Blogging for security -- Measuring your success -- Learning to conduct campaigns -- 8 Transforming organization attitudes and behaviour -- Changing mindsets -- Reward beats punishment -- Changing attitudes -- Scenario planning -- Successful uses of scenarios -- Dangers of scenario planning -- Images speak louder -- A novel approach -- The balance of consequences -- The power of attribution -- Environments shape behaviour -- Enforcing the rules of the network -- Encouraging business ethics -- The art of on-line persuasion -- Learning to change behaviour -- 9 Gaining executive board and business buy-in -- Countering security fatigue -- Money isn't everything -- What makes a good business case? -- Aligning with investment appraisal criteria -- Translating benefits into financial terms -- Aligning with IT strategy -- Achieving a decisive result -- Key elements of a good business case -- Assembling the business case -- Identifying and assessing benefits.

Something from nothing -- Reducing project risks -- Framing your recommendations -- Mastering the pitch -- Learning how to make the business case -- 10 Designing security systems that work -- Why systems fail -- Setting the vision -- What makes a good vision? -- Defining your mission -- Building the strategy -- Critical success factors for effective governance -- The smart approach to governance -- Don't reinvent the wheel -- Look for precedents from other fields -- Take a top down approach -- Start small, then extend -- Take a strategic approach -- Ask the bigger question -- Identify and assess options -- Risk assessment or prescriptive controls? -- In a class of their own -- Not all labels are the same -- Guidance for technology and people -- Designing long-lasting frameworks -- Applying the fourth dimension -- Do we have to do that? -- Steal with caution -- The golden triangle -- Managing risks across outsourced supply chains -- Models, frameworks and architectures -- Why we need architecture -- The folly of enterprise security architectures -- Real-world security architecture -- The 5Ws (and one H) -- Occam's Razor -- Trust architectures -- Secure by design -- Jericho Forum principles -- Collaboration-oriented architecture -- Forwards not backwards -- Capability maturity models -- The power of metrics -- Closing the loop -- The importance of ergonomics -- It's more than ease of use -- The failure of designs -- Ergonomic methods -- A nudge in the right direction -- Learning to design systems that work -- 11 Harnessing the power of the organization -- The power of networks -- Surviving in a hostile world -- Mobilizing the workforce -- Work smarter, not harder -- Finding a lever -- The art of systems thinking -- Creating virtuous circles -- Triggering a tipping point -- Identifying key influencers -- In search of charisma -- Understanding fashion.

The power of context.

With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2018. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

There are no comments on this title.

to post a comment.

Powered by Koha