Information security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on end users’ core business activities.
These end users are, in turn, often unaware of the risks they can expose their organisation to, and may even feel justified in finding workarounds because they believe that the organisation values productivity over security.
The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.
Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour addresses this conflict. It explains the importance of careful risk management and how to align a security programme with wider business objectives, and provides methods and techniques to engage stakeholders and encourage buy-in.
Reader review
“This is an easy-to-read, accessible and simple introduction to information security. The style is straightforward, and calls on a range of anecdotes to help the reader through what is often a complicated and hard-to-penetrate subject.”
– Dr David King, University of Oxford
The Psychology of Information Security is available from IT Governance in various formats (including softcover, Adobe eBook, Kindle and ePub).
____________________________________
New addition to the IT Governance catalogue: The Psychology of Information Security
8 February 2016
The international information security experts IT Governance have added a new title to their catalogue: The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour by Leron Zinatullin.