

Description
"Computers do not commit crimes. People do."

The biggest threat to information security is the "human factor", the influence of people. Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem.

For the first time, this book brings together theories and methods which will help you to change and harness people's security behaviour. It will help you to:
* Understand and manage major crises and risk
* Appreciate the nature of the insider threat
* Navigate organisation culture and politics
* Build better awareness programmes
* Transform user attitudes and behaviour
* Gain Executive Board buy-in
* Design management systems that really work
* Harness the power of your organisation

Based on the author's own personal experience of working with large, complex organisations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals.

"We live in an age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. David takes a dry-as-dust elephant of a subject and expertly serves it up in edible, even tasty, morsels." JP Rangaswami, Managing Director of BT Design.

"A highly entertaining read that will undoubtedly become essential reading for all security professionals." Professor Fred Piper

"I'm really interested in reading this book and, frankly, once it's published, I'll be one of the first to buy it." Dr. Eugene Schultz, High Tower Software

Acknowledgements
Foreword
Introduction
Chapter 1: Power to the people
Chapter 2: Everyone makes a difference
Chapter 3: There's no such thing as an isolated incident
Chapter 4: Zen and the art of risk management
Chapter 5: Who can you trust?
Chapter 6: Managing organization culture and politics
Chapter 7: Designing effective awareness programs
Chapter 8: Transforming organization attitudes and behavior
Chapter 9: Gaining executive board and business buy-in
Chapter 10: Designing security systems that work
Chapter 11: Harnessing the power of the organization
About the author
David Lacey is a leading authority on information security management with more than 25 years' professional experience, gained in senior leadership roles in Royal Dutch/Shell Group, Royal Mail Group and the British Foreign & Commonwealth Office. David is now a freelance director, researcher, writer and a consultant to organisations, venture capitalists and technology companies. He also writes a leading blog on IT Security for Computer Weekly, the largest circulation UK technology magazine.
Summary
With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.
Contents
Acknowledgements
Foreword
Introduction
1 Power to the people
The power is out there . . . somewhere
An information-rich world
When in doubt, phone a friend
Engage with the public
The power of the blogosphere
The future of news
Leveraging new ideas
Changing the way we live
Transforming the political landscape
Network effects in business
Being there
Value in the digital age
Hidden value in networks
Network innovations create security challenges
You've been de-perimeterized!
The collapse of information management
The shifting focus of information security
The external perspective
A new world of openness
A new age of collaborative working
Collaboration-oriented architecture
Business in virtual worlds
Democracy . . . but not as we know it
Don't lock down that network
The future of network security
Can we trust the data?
The art of disinformation
The future of knowledge
The next big security concern
Learning from networks
2 Everyone makes a difference
Where to focus your efforts
The view from the bridge
The role of the executive board
The new threat of data leakage
The perspective of business management
The role of the business manager
Engaging with business managers
The role of the IT function
Minding your partners
Computer users
Customers and citizens
Learning from stakeholders
3 There's no such thing as an isolated incident
What lies beneath?
Accidents waiting to happen
No system is foolproof
Visibility is the key
A lesson from the safety field
Everyone makes mistakes
The science of error prevention
Swiss cheese and security
How significant was that event?
Events are for the record
When an event becomes an incident
The immediacy of emergencies
When disaster strikes
When events spiral out of control
How the response process changes
No two crises are the same
One size doesn't fit all
The limits of planning
Some assets are irreplaceable
It's the process, not the plan
Why crisis management is hard
Skills to manage a crisis
Dangerous detail
The missing piece of the jigsaw
Establish the real cause
Are you incubating a crisis?
When crisis management becomes the problem
Developing a crisis strategy
Turning threats int…
