Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness

Front Cover
Gower Publishing, Ltd., 2006 - Business & Economics - 169 pages
0 Reviews
Research suggests that between 60-75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

Introduction
1
Employee Risk
25
Security Culture
45
How Are We Perceived?
65
Summary
77
Delivery Media and Graphic Design
139
Conclusions
161
Index
167
Copyright

Other editions - View all

Common terms and phrases

About the author (2006)

Angus McIlwraith has worked in the field of Information Security and Business Control for 20 years. He has for many years held (and broadcast) the view that Information Security is not making best use of time and resources by failing to address some fundamental issues. By not doing so, time and money is wasted; in some extreme circumstances, lives are being put at risk unnecessarily. Angus' professional experience was gained mainly in Financial Services. He has worked for Lloyds Bank, American Express, NatWest Bank and Standard Life, as well as working as a consultant to a wide range of international organizations. He has spoken at many conferences, including numerous Information Security Forum (ISF) Congresses, the London based COMPSEC conference, the Institute of Internal Auditors annual conference and the British Computer Society Information Security Specialist Group (BCS ISSG). Angus was an elected Member of the ruling Council of the ISF for eight years and was a member of the UK based Banking Information Security Expert Panel (BISEP). He writes regularly for many publications. He held a monthly column in Information Security Management magazine, and provided a monthly piece in Secure Computing magazine for many years.

Bibliographic information