Includes bibliographical references (pages 163-165) and index.
Cover -- Contents -- Introduction -- What Is Awareness? -- Why Awareness? -- The Rationale For Security Awareness -- Parallel Activities -- How Idiotic? -- Summary -- PART 1 A FRAMEWORK FOR UNDERSTANDING -- Chapter 1 Employee Risk -- Perception of Risk -- Psychology of Risk or 'Why Do People Do Stupid Things?' -- Summary -- Chapter 2 Security Culture -- What Is Culture? -- Cultural Examples -- Summary -- Chapter 3 How Are We Perceived? -- Risk Communication -- Language Use and Perception -- A Barrier, Not an Enabler -- Summary -- Part 1 Summary -- PART 2 A FRAMEWORK FOR IMPLEMENTATION -- Chapter 4 Practical Strategies and Techniques -- A Stepped Approach -- Training -- Guerrilla Techniques -- Summary -- Chapter 5 Measuring Awareness -- The Perils of Metrics and Monitoring -- Measuring Tools and Techniques -- Questionnaire Design -- Summary -- Chapter 6 Delivery Media and Graphic Design -- Design Principles -- Choosing Your Delivery Media -- Intranets and Other Web-based Media -- Other Channels -- Media Effectiveness -- Summary -- Conclusions -- Bibliography -- Index.
Research suggests that between 60 and 75 per cent of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short-term priorities. "Information Security and Employee Behaviour" will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches. -- Publisher description.
Information security and employee behaviour.
Information security and employee behavior
Business enterprises -- Computer networks -- Security measures.