Managing the Human Factor in Information Security

  • E-Book (pdf)
  • 384 pages
CHF 35.00


With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and that project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programmes, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

David Lacey is a leading authority on information security management with more than 25 years' professional experience, gained in senior leadership roles in the Royal Dutch/Shell Group, Royal Mail Group and the British Foreign & Commonwealth Office. David is now a freelance director, researcher, writer and consultant to organisations, venture capitalists and technology companies. He also writes a leading blog on IT security for Computer Weekly, the largest-circulation UK technology magazine.


"Computers do not commit crimes. People do."

The biggest threat to information security is the "human factor", the influence of people. Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem.

For the first time, this book brings together theories and methods which will help you to change and harness people's security behaviour. It will help you to:

  • Understand and manage major crises and risk
  • Appreciate the nature of the insider threat
  • Navigate organization culture and politics
  • Build better awareness programmes
  • Transform user attitudes and behaviour
  • Gain Executive Board buy-in
  • Design management systems that really work
  • Harness the power of your organization

Based on the author's own personal experience of working with large, complex organizations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals.

"We live in an age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. David takes a dry-as-dust elephant of a subject and expertly serves it up in edible, even tasty, morsels."
JP Rangaswami, Managing Director of BT Design

"A highly entertaining read that will undoubtedly become essential reading for all security professionals."
Professor Fred Piper

"I'm really interested in reading this book and, frankly, once it's published, I'll be one of the first to buy it."
Dr. Eugene Schultz, High Tower Software


Acknowledgements xvii
Foreword xix
Introduction xxi

1 Power to the people 1
  • The power is out there . . . somewhere 1
  • An information-rich world 2
  • When in doubt, phone a friend 3
  • Engage with the public 4
  • The power of the blogosphere 4
  • The future of news 5
  • Leveraging new ideas 5
  • Changing the way we live 6
  • Transforming the political landscape 7
  • Network effects in business 8
  • Being there 9
  • Value in the digital age 9
  • Hidden value in networks 10
  • Network innovations create security challenges 12
  • You've been de-perimeterized! 14
  • The collapse of information management 15
  • The shifting focus of information security 15
  • The external perspective 17
  • A new world of openness 18
  • A new age of collaborative working 19
  • Collaboration-oriented architecture 20
  • Business in virtual worlds 21
  • Democracy . . . but not as we know it 22
  • Don't lock down that network 23
  • The future of network security 24
  • Can we trust the data? 25
  • The art of disinformation 27
  • The future of knowledge 28
  • The next big security concern 30
  • Learning from networks 31

2 Everyone makes a difference 33
  • Where to focus your efforts 33
  • The view from the bridge 34
  • The role of the executive board 35
  • The new threat of data leakage 36
  • The perspective of business management 38
  • The role of the business manager 39
  • Engaging with business managers 40
  • The role of the IT function 41
  • Minding your partners 42
  • Computer users 43
  • Customers and citizens 44
  • Learning from stakeholders 44

3 There's no such thing as an isolated incident 47
  • What lies beneath? 47
  • Accidents waiting to happen 48
  • No system is foolproof 49
  • Visibility is the key 49
  • A lesson from the safety field 50
  • Everyone makes mistakes 52
  • The science of error prevention 53
  • Swiss cheese and security 54
  • How significant was that event? 55
  • Events are for the record 56
  • When an event becomes an incident 57
  • The immediacy of emergencies 57
  • When disaster strikes 58
  • When events spiral out of control 58
  • How the response process changes 59
  • No two crises are the same 60
  • One size doesn't fit all 61
  • The limits of planning 62
  • Some assets are irreplaceable 63
  • It's the process, not the plan 63
  • Why crisis management is hard 64
  • Skills to manage a crisis 65
  • Dangerous detail 67
  • The missing piece of the jigsaw 67
  • Establish the real cause 68
  • Are you incubating a crisis? 69
  • When crisis management becomes the problem 70
  • Developing a crisis strategy 70
  • Turning threats into opportunities 71
  • Boosting market capitalization 72
  • Anticipating events 73
  • Anticipating opportunities 74
  • Designing crisis team structures 75
  • How many teams? 76
  • Who takes the lead? 77
  • Ideal team dynamics 77
  • Multi-agency teams 78
  • The perfect environment 79
  • The challenge of the virtual environment 80
  • Protocols for virtual team working 81
  • Exercising the crisis team 81
  • Learning from incidents 83

4 Zen and the art of risk management 85
  • East meets West 85
  • The nature of risks 86
  • Who invented risk management? 87
  • We could be so lucky 88
  • Components of risk 89
  • Gross or net risk? 90
  • Don't lose sight of business 91
  • How big is your appetite? 92
  • It's an emotional thing 93
  • In the eye of the beholder 94
  • What risk was that? 96
  • Living in the past 96
  • Who created that risk? 97
  • It's not my problem 98
  • Size matters 99
  • Getting your sums right 99
  • Some facts are counterintuitive 101
  • The loaded dice 101
  • The answer is 42 103
  • It's just an illusion 103
  • Context is king 104
  • Perception and reality 105
  • It's a relative thing 107
  • Risk, what risk? 107
  • Something wicked this way comes 108
  • The black swan 109
  • Double jeopardy 110
  • What type of risk? 111
  • Lessons from the process industries 112
  • Lessons from cost engineering 113
  • Lessons from the financial sector 113
  • Lessons from the insurance field 115
  • The limits of percentage play 116
  • Operational risk 116
  • Joining up risk management 117
  • General or specific? 119
  • Identifying and ranking risks 120
  • Using checklists 122
  • Categories of risks 122
  • It's a moving target 123
  • Comparing and ranking risks 124
  • Risk management strategies 125
  • Communicating risk appetite 126
  • Risk management maturity 127
  • There's more to security than risk 128



Title: Managing the Human Factor in Information Security
Subtitle: How to win over staff and influence business managers
EAN: 9780470742082
ISBN: 978-0-470-74208-2
Digital copy protection: Adobe DRM
Format: E-Book (pdf)
Publisher: Wiley
Genre: Computing, IT
Number of pages: 384
Publication date: 11.02.2009
Year: 2009
Language: English
File size: 1.9 MB