Managing the Human Factor in Information Security How to win over staff and influence business managers

With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that Computer users adhere to Corporate Policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a Business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals.

Acknowledgements. Foreword. Introduction. Chapter 1: Power to the people. The power is out there - somewhere. An information rich world. When in doubt, phone a friend. Engage with the public. The power of the blogosphere. The future of news. Leveraging new ideas. Changing the way we live. Transforming the Political landscape. Network effects in business. Being there. Value in the digital age. Hidden value in networks. Network innovations create security challenges. Youa??ve been de-perimeterized! The collapse of information management. The shifting focus of information security. The External perspective. A new world of openness. A new age of collaborative working. Collaboration oriented architecture. Business in virtual worlds. Democracy-but not as we know it. Dona??t lock down that network. The future of network security. Can we trust the data? The Art of disinformation. The future of knowledge. The next big security concern. Learning from networks. Chapter 2: Everyone makes a difference. Where to focus your efforts. The view from the bridge. The role of the executive board. The new threat of data leakage. The perspective of business management. The role of the business manager. Engaging with business managers. The role of the IT function. Minding your partners. Computer users. Customers and citizens. Learning from stakeholders. Chapter 3: Therea??s no such thing as an isolated incident. What lies beneath? Accidents waiting to happen. No system is foolproof. Visibility is the key. A Lesson from the safety field. Everyone makes mistakes. The Science of error prevention. Swiss Cheese and security. How significant was that event? Events are for the record. When an event becomes an incident. The immediacy of emergencies. When disaster strikes. When events spiral out of control. How the response process changes. No two crises are the same. One size doesna??t fit all. The Limits of planning. Some Assets are irreplaceable. Ita??s the process, not the plan. Why crisis management is hard. Skills to manage a crisis. Dangerous detail. The missing piece of the jigsaw. Establish the real cause. Are you incubating a crisis? When crisis management becomes the problem. Developing crisis strategy. Turning threats into opportunities. Boosting market capitalization. Anticipating events. Anticipating opportunities. Designing crisis Team structures. How many teams? Who takes the lead? Ideal team dynamics. Multi-agency teams. The perfect environment. The challenge of the virtual environment. Protocols for virtual team working. Exercising the crisis team. Learning from incidents. Chapter 4: Zen and the art of risk management. East meets West. The Nature of risks. Who invented risk management? We could be so lucky. Components of risk. Gross or net risk? Dona??t lose sight of business. How big is your appetite? Ita??s an emotional thing. In the Eye of the beholder. What risk was that? Living in the past. Who created that risk? Ita??s not my problem. Size matters. Getting your sums right. Some facts are counter-intuitive. The loaded dice. The answer is 42. Ita??s just an illusion. Context is king. Perception and reality. Ita??s a relative thing. Risk, what risk? Something wicked this way comes. The black swan. Double jeopardy. What type of risk? Lessons from the process industries. Lessons from Cost engineering. Lessons from the Financial sector. Lessons from the Insurance field. The limits of percentage play. Operational risk. Joining up risk management. General or specific? Identifying and ranking risks. Using checklists. Categories of risks. Ita??s a moving target. Comparing and ranking risks. Risk management strategies. Communicating risk appetite. Risk management maturity. Therea??s more to security than risk. Ita??s a decision support tool. The perils of risk assessment. Learning from risk management. Chapter 5: Who can you trust? An asset or a liability? People are different. The rule of four. The need to conform. Understand your enemies. The Face of the enemy. Run silent, run deep. Dreamers and charmers. The unfashionable hacker. The Psychology of scams. Visitors are welcome. Where loyalties lie. Signs of disloyalty. The whistleblower. Stemming the leaks. Stamping out corruption. Know your staff. We know what you did. Reading between the lines. Liberty or death. Personality types. Personalities and crime. The dark triad. Cyberspace is less risky. Set a thief. Ita??s a glamor profession. There are easier ways. I just dona??t believe it. Dona??t lose that evidence. They had it coming. The science of investigation. The art of interrogation. Secure by design. Science and Snake oil. The art of hypnosis. The power of suggestion. Ita??s just an illusion. It pays to cooperate. Artificial trust. Who are you? How many identities? Laws of identity. Learnin