Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness
Research suggests that between 60 and 75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short-term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.