{"product_id":"managing-the-human-factor-in-information-security-isbn-9780470721995","title":"Managing the Human Factor in Information Security","description":"With the growth in social networking and the potential for larger and larger breaches of sensitive data, it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years' experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to buy into a security plan. Illustrated with real-world examples throughout, this is a must-have guide for security and IT professionals. \u003cp\u003eAcknowledgements xvii\u003c\/p\u003e \u003cp\u003eForeword xix\u003c\/p\u003e \u003cp\u003eIntroduction xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Power to the people 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe power is out there . . . somewhere 1\u003c\/p\u003e \u003cp\u003eAn information-rich world 2\u003c\/p\u003e \u003cp\u003eWhen in doubt, phone a friend 3\u003c\/p\u003e \u003cp\u003eEngage with the public 4\u003c\/p\u003e \u003cp\u003eThe power of the blogosphere 4\u003c\/p\u003e \u003cp\u003eThe future of news 5\u003c\/p\u003e \u003cp\u003eLeveraging new ideas 5\u003c\/p\u003e \u003cp\u003eChanging the way we live 6\u003c\/p\u003e \u003cp\u003eTransforming the political landscape 7\u003c\/p\u003e \u003cp\u003eNetwork effects in business 8\u003c\/p\u003e \u003cp\u003eBeing there 9\u003c\/p\u003e \u003cp\u003eValue in the digital age 9\u003c\/p\u003e \u003cp\u003eHidden value in networks 10\u003c\/p\u003e \u003cp\u003eNetwork innovations create security challenges 12\u003c\/p\u003e \u003cp\u003eYou’ve been de-perimeterized! 
14\u003c\/p\u003e \u003cp\u003eThe collapse of information management 15\u003c\/p\u003e \u003cp\u003eThe shifting focus of information security 15\u003c\/p\u003e \u003cp\u003eThe external perspective 17\u003c\/p\u003e \u003cp\u003eA new world of openness 18\u003c\/p\u003e \u003cp\u003eA new age of collaborative working 19\u003c\/p\u003e \u003cp\u003eCollaboration-oriented architecture 20\u003c\/p\u003e \u003cp\u003eBusiness in virtual worlds 21\u003c\/p\u003e \u003cp\u003eDemocracy . . . but not as we know it 22\u003c\/p\u003e \u003cp\u003eDon’t lock down that network 23\u003c\/p\u003e \u003cp\u003eThe future of network security 24\u003c\/p\u003e \u003cp\u003eCan we trust the data? 25\u003c\/p\u003e \u003cp\u003eThe art of disinformation 27\u003c\/p\u003e \u003cp\u003eThe future of knowledge 28\u003c\/p\u003e \u003cp\u003eThe next big security concern 30\u003c\/p\u003e \u003cp\u003eLearning from networks 31\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Everyone makes a difference 33\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhere to focus your efforts 33\u003c\/p\u003e \u003cp\u003eThe view from the bridge 34\u003c\/p\u003e \u003cp\u003eThe role of the executive board 35\u003c\/p\u003e \u003cp\u003eThe new threat of data leakage 36\u003c\/p\u003e \u003cp\u003eThe perspective of business management 38\u003c\/p\u003e \u003cp\u003eThe role of the business manager 39\u003c\/p\u003e \u003cp\u003eEngaging with business managers 40\u003c\/p\u003e \u003cp\u003eThe role of the IT function 41\u003c\/p\u003e \u003cp\u003eMinding your partners 42\u003c\/p\u003e \u003cp\u003eComputer users 43\u003c\/p\u003e \u003cp\u003eCustomers and citizens 44\u003c\/p\u003e \u003cp\u003eLearning from stakeholders 44\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 There’s no such thing as an isolated incident 47\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat lies beneath? 
47\u003c\/p\u003e \u003cp\u003eAccidents waiting to happen 48\u003c\/p\u003e \u003cp\u003eNo system is foolproof 49\u003c\/p\u003e \u003cp\u003eVisibility is the key 49\u003c\/p\u003e \u003cp\u003eA lesson from the safety field 50\u003c\/p\u003e \u003cp\u003eEveryone makes mistakes 52\u003c\/p\u003e \u003cp\u003eThe science of error prevention 53\u003c\/p\u003e \u003cp\u003eSwiss cheese and security 54\u003c\/p\u003e \u003cp\u003eHow significant was that event? 55\u003c\/p\u003e \u003cp\u003eEvents are for the record 56\u003c\/p\u003e \u003cp\u003eWhen an event becomes an incident 57\u003c\/p\u003e \u003cp\u003eThe immediacy of emergencies 57\u003c\/p\u003e \u003cp\u003eWhen disaster strikes 58\u003c\/p\u003e \u003cp\u003eWhen events spiral out of control 58\u003c\/p\u003e \u003cp\u003eHow the response process changes 59\u003c\/p\u003e \u003cp\u003eNo two crises are the same 60\u003c\/p\u003e \u003cp\u003eOne size doesn’t fit all 61\u003c\/p\u003e \u003cp\u003eThe limits of planning 62\u003c\/p\u003e \u003cp\u003eSome assets are irreplaceable 63\u003c\/p\u003e \u003cp\u003eIt’s the process, not the plan 63\u003c\/p\u003e \u003cp\u003eWhy crisis management is hard 64\u003c\/p\u003e \u003cp\u003eSkills to manage a crisis 65\u003c\/p\u003e \u003cp\u003eDangerous detail 67\u003c\/p\u003e \u003cp\u003eThe missing piece of the jigsaw 67\u003c\/p\u003e \u003cp\u003eEstablish the real cause 68\u003c\/p\u003e \u003cp\u003eAre you incubating a crisis? 69\u003c\/p\u003e \u003cp\u003eWhen crisis management becomes the problem 70\u003c\/p\u003e \u003cp\u003eDeveloping a crisis strategy 70\u003c\/p\u003e \u003cp\u003eTurning threats into opportunities 71\u003c\/p\u003e \u003cp\u003eBoosting market capitalization 72\u003c\/p\u003e \u003cp\u003eAnticipating events 73\u003c\/p\u003e \u003cp\u003eAnticipating opportunities 74\u003c\/p\u003e \u003cp\u003eDesigning crisis team structures 75\u003c\/p\u003e \u003cp\u003eHow many teams? 76\u003c\/p\u003e \u003cp\u003eWho takes the lead? 
77\u003c\/p\u003e \u003cp\u003eIdeal team dynamics 77\u003c\/p\u003e \u003cp\u003eMulti-agency teams 78\u003c\/p\u003e \u003cp\u003eThe perfect environment 79\u003c\/p\u003e \u003cp\u003eThe challenge of the virtual environment 80\u003c\/p\u003e \u003cp\u003eProtocols for virtual team working 81\u003c\/p\u003e \u003cp\u003eExercising the crisis team 81\u003c\/p\u003e \u003cp\u003eLearning from incidents 83\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Zen and the art of risk management 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEast meets West 85\u003c\/p\u003e \u003cp\u003eThe nature of risks 86\u003c\/p\u003e \u003cp\u003eWho invented risk management? 87\u003c\/p\u003e \u003cp\u003eWe could be so lucky 88\u003c\/p\u003e \u003cp\u003eComponents of risk 89\u003c\/p\u003e \u003cp\u003eGross or net risk? 90\u003c\/p\u003e \u003cp\u003eDon’t lose sight of business 91\u003c\/p\u003e \u003cp\u003eHow big is your appetite? 92\u003c\/p\u003e \u003cp\u003eIt’s an emotional thing 93\u003c\/p\u003e \u003cp\u003eIn the eye of the beholder 94\u003c\/p\u003e \u003cp\u003eWhat risk was that? 96\u003c\/p\u003e \u003cp\u003eLiving in the past 96\u003c\/p\u003e \u003cp\u003eWho created that risk? 97\u003c\/p\u003e \u003cp\u003eIt’s not my problem 98\u003c\/p\u003e \u003cp\u003eSize matters 99\u003c\/p\u003e \u003cp\u003eGetting your sums right 99\u003c\/p\u003e \u003cp\u003eSome facts are counterintuitive 101\u003c\/p\u003e \u003cp\u003eThe loaded dice 101\u003c\/p\u003e \u003cp\u003eThe answer is 42 103\u003c\/p\u003e \u003cp\u003eIt’s just an illusion 103\u003c\/p\u003e \u003cp\u003eContext is king 104\u003c\/p\u003e \u003cp\u003ePerception and reality 105\u003c\/p\u003e \u003cp\u003eIt’s a relative thing 107\u003c\/p\u003e \u003cp\u003eRisk, what risk? 107\u003c\/p\u003e \u003cp\u003eSomething wicked this way comes 108\u003c\/p\u003e \u003cp\u003eThe black swan 109\u003c\/p\u003e \u003cp\u003eDouble jeopardy 110\u003c\/p\u003e \u003cp\u003eWhat type of risk? 
111\u003c\/p\u003e \u003cp\u003eLessons from the process industries 112\u003c\/p\u003e \u003cp\u003eLessons from cost engineering 113\u003c\/p\u003e \u003cp\u003eLessons from the financial sector 113\u003c\/p\u003e \u003cp\u003eLessons from the insurance field 115\u003c\/p\u003e \u003cp\u003eThe limits of percentage play 116\u003c\/p\u003e \u003cp\u003eOperational risk 116\u003c\/p\u003e \u003cp\u003eJoining up risk management 117\u003c\/p\u003e \u003cp\u003eGeneral or specific? 119\u003c\/p\u003e \u003cp\u003eIdentifying and ranking risks 120\u003c\/p\u003e \u003cp\u003eUsing checklists 122\u003c\/p\u003e \u003cp\u003eCategories of risks 122\u003c\/p\u003e \u003cp\u003eIt’s a moving target 123\u003c\/p\u003e \u003cp\u003eComparing and ranking risks 124\u003c\/p\u003e \u003cp\u003eRisk management strategies 125\u003c\/p\u003e \u003cp\u003eCommunicating risk appetite 126\u003c\/p\u003e \u003cp\u003eRisk management maturity 127\u003c\/p\u003e \u003cp\u003eThere’s more to security than risk 128\u003c\/p\u003e \u003cp\u003eIt’s a decision support tool 129\u003c\/p\u003e \u003cp\u003eThe perils of risk assessment 130\u003c\/p\u003e \u003cp\u003eLearning from risk management 131\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Who can you trust? 133\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAn asset or a liability? 
133\u003c\/p\u003e \u003cp\u003ePeople are different 134\u003c\/p\u003e \u003cp\u003eThe rule of four 135\u003c\/p\u003e \u003cp\u003eThe need to conform 136\u003c\/p\u003e \u003cp\u003eUnderstand your enemies 137\u003c\/p\u003e \u003cp\u003eThe face of the enemy 137\u003c\/p\u003e \u003cp\u003eRun silent, run deep 138\u003c\/p\u003e \u003cp\u003eDreamers and charmers 139\u003c\/p\u003e \u003cp\u003eThe unfashionable hacker 140\u003c\/p\u003e \u003cp\u003eThe psychology of scams 142\u003c\/p\u003e \u003cp\u003eVisitors are welcome 142\u003c\/p\u003e \u003cp\u003eWhere loyalties lie 144\u003c\/p\u003e \u003cp\u003eSigns of disloyalty 144\u003c\/p\u003e \u003cp\u003eThe whistleblower 145\u003c\/p\u003e \u003cp\u003eStemming the leaks 146\u003c\/p\u003e \u003cp\u003eStamping out corruption 147\u003c\/p\u003e \u003cp\u003eKnow your staff 148\u003c\/p\u003e \u003cp\u003eWe know what you did 149\u003c\/p\u003e \u003cp\u003eReading between the lines 151\u003c\/p\u003e \u003cp\u003eLiberty or death 153\u003c\/p\u003e \u003cp\u003ePersonality types 154\u003c\/p\u003e \u003cp\u003ePersonalities and crime 156\u003c\/p\u003e \u003cp\u003eThe dark triad 157\u003c\/p\u003e \u003cp\u003eCyberspace is less risky 157\u003c\/p\u003e \u003cp\u003eSet a thief 159\u003c\/p\u003e \u003cp\u003eIt’s a glamour profession 160\u003c\/p\u003e \u003cp\u003eThere are easier ways 160\u003c\/p\u003e \u003cp\u003eI just don’t believe it 161\u003c\/p\u003e \u003cp\u003eDon’t lose that evidence 162\u003c\/p\u003e \u003cp\u003eThey had it coming 163\u003c\/p\u003e \u003cp\u003eThe science of investigation 164\u003c\/p\u003e \u003cp\u003eThe art of interrogation 165\u003c\/p\u003e \u003cp\u003eSecure by design 167\u003c\/p\u003e \u003cp\u003eScience and snake oil 167\u003c\/p\u003e \u003cp\u003eThe art of hypnosis 169\u003c\/p\u003e \u003cp\u003eThe power of suggestion 170\u003c\/p\u003e \u003cp\u003eIt’s just an illusion 171\u003c\/p\u003e \u003cp\u003eIt pays to cooperate 172\u003c\/p\u003e 
\u003cp\u003eArtificial trust 173\u003c\/p\u003e \u003cp\u003eWho are you? 173\u003c\/p\u003e \u003cp\u003eHow many identities? 175\u003c\/p\u003e \u003cp\u003eLaws of identity 176\u003c\/p\u003e \u003cp\u003eLearning from people 178\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Managing organization culture and politics 181\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhen worlds collide 181\u003c\/p\u003e \u003cp\u003eWhat is organization culture? 182\u003c\/p\u003e \u003cp\u003eOrganizations are different 184\u003c\/p\u003e \u003cp\u003eOrganizing for security 186\u003c\/p\u003e \u003cp\u003eTackling ‘localitis’ 186\u003c\/p\u003e \u003cp\u003eSmall is beautiful 187\u003c\/p\u003e \u003cp\u003eIn search of professionalism 188\u003c\/p\u003e \u003cp\u003eDeveloping careers 190\u003c\/p\u003e \u003cp\u003eSkills for information security 191\u003c\/p\u003e \u003cp\u003eInformation skills 192\u003c\/p\u003e \u003cp\u003eSurvival skills 194\u003c\/p\u003e \u003cp\u003eNavigating the political minefield 195\u003c\/p\u003e \u003cp\u003eSquare pegs and round holes 196\u003c\/p\u003e \u003cp\u003eWhat’s in a name? 197\u003c\/p\u003e \u003cp\u003eManaging relationships 199\u003c\/p\u003e \u003cp\u003eExceeding expectations 200\u003c\/p\u003e \u003cp\u003eNasty or nice 201\u003c\/p\u003e \u003cp\u003eIn search of a healthy security culture 202\u003c\/p\u003e \u003cp\u003eIn search of a security mindset 204\u003c\/p\u003e \u003cp\u003eWho influences decisions? 
205\u003c\/p\u003e \u003cp\u003eDealing with diversity 206\u003c\/p\u003e \u003cp\u003eDon’t take yes for an answer 207\u003c\/p\u003e \u003cp\u003eLearning from organization culture and politics 208\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Designing effective awareness programs 211\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRequirements for change 211\u003c\/p\u003e \u003cp\u003eUnderstanding the problem 212\u003c\/p\u003e \u003cp\u003eAsking the right questions 213\u003c\/p\u003e \u003cp\u003eThe art of questionnaire design 214\u003c\/p\u003e \u003cp\u003eHitting the spot 215\u003c\/p\u003e \u003cp\u003eCampaigns that work 216\u003c\/p\u003e \u003cp\u003eAdapting to the audience 217\u003c\/p\u003e \u003cp\u003eMemorable messages 218\u003c\/p\u003e \u003cp\u003eLet’s play a game 220\u003c\/p\u003e \u003cp\u003eThe power of three 221\u003c\/p\u003e \u003cp\u003eCreating an impact 222\u003c\/p\u003e \u003cp\u003eWhat’s in a word? 224\u003c\/p\u003e \u003cp\u003eBenefits not features 225\u003c\/p\u003e \u003cp\u003eUsing professional support 226\u003c\/p\u003e \u003cp\u003eThe art of technical writing 227\u003c\/p\u003e \u003cp\u003eMarketing experts 228\u003c\/p\u003e \u003cp\u003eBrand managers 229\u003c\/p\u003e \u003cp\u003eCreative teams 230\u003c\/p\u003e \u003cp\u003eThe power of the external perspective 230\u003c\/p\u003e \u003cp\u003eManaging the media 231\u003c\/p\u003e \u003cp\u003eBehavioural psychologists 232\u003c\/p\u003e \u003cp\u003eBlogging for security 233\u003c\/p\u003e \u003cp\u003eMeasuring your success 234\u003c\/p\u003e \u003cp\u003eLearning to conduct campaigns 235\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Transforming organization attitudes and behaviour 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChanging mindsets 237\u003c\/p\u003e \u003cp\u003eReward beats punishment 238\u003c\/p\u003e \u003cp\u003eChanging attitudes 240\u003c\/p\u003e \u003cp\u003eScenario planning 241\u003c\/p\u003e \u003cp\u003eSuccessful uses of scenarios 
242\u003c\/p\u003e \u003cp\u003eDangers of scenario planning 243\u003c\/p\u003e \u003cp\u003eImages speak louder 244\u003c\/p\u003e \u003cp\u003eA novel approach 245\u003c\/p\u003e \u003cp\u003eThe balance of consequences 245\u003c\/p\u003e \u003cp\u003eThe power of attribution 248\u003c\/p\u003e \u003cp\u003eEnvironments shape behaviour 248\u003c\/p\u003e \u003cp\u003eEnforcing the rules of the network 250\u003c\/p\u003e \u003cp\u003eEncouraging business ethics 251\u003c\/p\u003e \u003cp\u003eThe art of on-line persuasion 251\u003c\/p\u003e \u003cp\u003eLearning to change behaviour 252\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Gaining executive board and business buy-in 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCountering security fatigue 255\u003c\/p\u003e \u003cp\u003eMoney isn’t everything 256\u003c\/p\u003e \u003cp\u003eWhat makes a good business case? 257\u003c\/p\u003e \u003cp\u003eAligning with investment appraisal criteria 257\u003c\/p\u003e \u003cp\u003eTranslating benefits into financial terms 258\u003c\/p\u003e \u003cp\u003eAligning with IT strategy 259\u003c\/p\u003e \u003cp\u003eAchieving a decisive result 259\u003c\/p\u003e \u003cp\u003eKey elements of a good business case 260\u003c\/p\u003e \u003cp\u003eAssembling the business case 261\u003c\/p\u003e \u003cp\u003eIdentifying and assessing benefits 261\u003c\/p\u003e \u003cp\u003eSomething from nothing 263\u003c\/p\u003e \u003cp\u003eReducing project risks 263\u003c\/p\u003e \u003cp\u003eFraming your recommendations 264\u003c\/p\u003e \u003cp\u003eMastering the pitch 264\u003c\/p\u003e \u003cp\u003eLearning how to make the business case 266\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Designing security systems that work 269\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy systems fail 269\u003c\/p\u003e \u003cp\u003eSetting the vision 270\u003c\/p\u003e \u003cp\u003eWhat makes a good vision? 
270\u003c\/p\u003e \u003cp\u003eDefining your mission 272\u003c\/p\u003e \u003cp\u003eBuilding the strategy 274\u003c\/p\u003e \u003cp\u003eCritical success factors for effective governance 275\u003c\/p\u003e \u003cp\u003eThe smart approach to governance 276\u003c\/p\u003e \u003cp\u003eDon’t reinvent the wheel 276\u003c\/p\u003e \u003cp\u003eLook for precedents from other fields 277\u003c\/p\u003e \u003cp\u003eTake a top down approach 277\u003c\/p\u003e \u003cp\u003eStart small, then extend 278\u003c\/p\u003e \u003cp\u003eTake a strategic approach 278\u003c\/p\u003e \u003cp\u003eAsk the bigger question 279\u003c\/p\u003e \u003cp\u003eIdentify and assess options 280\u003c\/p\u003e \u003cp\u003eRisk assessment or prescriptive controls? 280\u003c\/p\u003e \u003cp\u003eIn a class of their own 282\u003c\/p\u003e \u003cp\u003eNot all labels are the same 283\u003c\/p\u003e \u003cp\u003eGuidance for technology and people 284\u003c\/p\u003e \u003cp\u003eDesigning long-lasting frameworks 285\u003c\/p\u003e \u003cp\u003eApplying the fourth dimension 286\u003c\/p\u003e \u003cp\u003eDo we have to do that? 
287\u003c\/p\u003e \u003cp\u003eSteal with caution 289\u003c\/p\u003e \u003cp\u003eThe golden triangle 290\u003c\/p\u003e \u003cp\u003eManaging risks across outsourced supply chains 291\u003c\/p\u003e \u003cp\u003eModels, frameworks and architectures 292\u003c\/p\u003e \u003cp\u003eWhy we need architecture 293\u003c\/p\u003e \u003cp\u003eThe folly of enterprise security architectures 294\u003c\/p\u003e \u003cp\u003eReal-world security architecture 295\u003c\/p\u003e \u003cp\u003eThe 5Ws (and one H) 296\u003c\/p\u003e \u003cp\u003eOccam’s Razor 297\u003c\/p\u003e \u003cp\u003eTrust architectures 298\u003c\/p\u003e \u003cp\u003eSecure by design 299\u003c\/p\u003e \u003cp\u003eJericho Forum principles 299\u003c\/p\u003e \u003cp\u003eCollaboration-oriented architecture 300\u003c\/p\u003e \u003cp\u003eForwards not backwards 301\u003c\/p\u003e \u003cp\u003eCapability maturity models 301\u003c\/p\u003e \u003cp\u003eThe power of metrics 302\u003c\/p\u003e \u003cp\u003eClosing the loop 303\u003c\/p\u003e \u003cp\u003eThe importance of ergonomics 305\u003c\/p\u003e \u003cp\u003eIt’s more than ease of use 305\u003c\/p\u003e \u003cp\u003eThe failure of designs 306\u003c\/p\u003e \u003cp\u003eErgonomic methods 307\u003c\/p\u003e \u003cp\u003eA nudge in the right direction 308\u003c\/p\u003e \u003cp\u003eLearning to design systems that work 308\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Harnessing the power of the organization 311\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe power of networks 311\u003c\/p\u003e \u003cp\u003eSurviving in a hostile world 311\u003c\/p\u003e \u003cp\u003eMobilizing the workforce 312\u003c\/p\u003e \u003cp\u003eWork smarter, not harder 313\u003c\/p\u003e \u003cp\u003eFinding a lever 313\u003c\/p\u003e \u003cp\u003eThe art of systems thinking 314\u003c\/p\u003e \u003cp\u003eCreating virtuous circles 315\u003c\/p\u003e \u003cp\u003eTriggering a tipping point 315\u003c\/p\u003e \u003cp\u003eIdentifying key influencers 316\u003c\/p\u003e 
\u003cp\u003eIn search of charisma 318\u003c\/p\u003e \u003cp\u003eUnderstanding fashion 318\u003c\/p\u003e \u003cp\u003eThe power of context 319\u003c\/p\u003e \u003cp\u003eThe bigger me 320\u003c\/p\u003e \u003cp\u003eThe power of the herd 321\u003c\/p\u003e \u003cp\u003eThe wisdom of crowds 322\u003c\/p\u003e \u003cp\u003eUnlimited resources – the power of open source 323\u003c\/p\u003e \u003cp\u003eUnlimited purchasing power 324\u003c\/p\u003e \u003cp\u003eLet the network to do the work 324\u003c\/p\u003e \u003cp\u003eWhy is everything getting more complex? 325\u003c\/p\u003e \u003cp\u003eGetting to grips with complexity 327\u003c\/p\u003e \u003cp\u003eSimple can’t control complex 327\u003c\/p\u003e \u003cp\u003eDesigning freedom 329\u003c\/p\u003e \u003cp\u003eA process-free world 330\u003c\/p\u003e \u003cp\u003eThe power of expressive systems 331\u003c\/p\u003e \u003cp\u003eEmergent behaviour 332\u003c\/p\u003e \u003cp\u003eWhy innovation is important 332\u003c\/p\u003e \u003cp\u003eWhat is innovation? 333\u003c\/p\u003e \u003cp\u003eWhat inspires people to create? 
335\u003c\/p\u003e \u003cp\u003eJust one idea is enough 335\u003c\/p\u003e \u003cp\u003eThe art of creative thinking 336\u003c\/p\u003e \u003cp\u003eYes, you can 336\u003c\/p\u003e \u003cp\u003eOutside the box 337\u003c\/p\u003e \u003cp\u003eInnovation environments 339\u003c\/p\u003e \u003cp\u003eTurning ideas into action 339\u003c\/p\u003e \u003cp\u003eSteps to innovation heaven 340\u003c\/p\u003e \u003cp\u003eThe road ahead 341\u003c\/p\u003e \u003cp\u003eMapping the future 342\u003c\/p\u003e \u003cp\u003eLearning to harness the power of the organization 344\u003c\/p\u003e \u003cp\u003eIn conclusion 347\u003c\/p\u003e \u003cp\u003eBibliography 353\u003c\/p\u003e \u003cp\u003eIndex 357\u003c\/p\u003e  \u003cp\u003e\"For a big book-in size and in ambition- it's most readable.\" (\u003cem\u003eProfessional Security,\u003c\/em\u003e September 2010) \u003c\/p\u003e\u003cp\u003e\"I found the book enjoyable and easy to read. It is very informative, and gives good references.\" (\u003cem\u003eInfosecurity,\u003c\/em\u003e June 2009) \u003c\/p\u003e\u003cp\u003e\"... an engaging read.\" (\u003cem\u003eInformation Age,\u003c\/em\u003e May 2009)   \u003cstrong\u003eDavid Lacey\u003c\/strong\u003e is a leading authority on Information Security management with more than 25 years professional experience, gained in senior leadership roles in Royal Dutch\/Shell Group, Royal Mail Group and the British Foreign \u0026amp; Commonwealth Office. David is now a freelance director, researcher, writer and a consultant to organisations, venture capitalists and technology companies. He also writes a leading blog on IT Security for \u003cem\u003eComputer Weekly\u003c\/em\u003e, the largest circulation UK technology magazine.    \u003c\/p\u003e\u003cp\u003e\u003cb\u003e\"Computers do not commit crimes. People do.\"\u003c\/b\u003e  \u003c\/p\u003e\u003cp\u003eThe biggest threat to information security is the \"human factor\", the influence of people. 
Even the best people will make mistakes, cause breaches and create security weaknesses that enable criminals to steal, corrupt or manipulate systems and data. The explosion in social networking and mobile computing is intensifying this problem.  \u003c\/p\u003e\u003cp\u003eFor the first time, this book brings together theories and methods which will help you to change and harness people's security behaviour. It will help you to:  \u003c\/p\u003e\u003cul\u003e \u003cli\u003eUnderstand and manage major crises and risk\u003c\/li\u003e \u003cli\u003eAppreciate the nature of the insider threat\u003c\/li\u003e \u003cli\u003eNavigate organization culture and politics\u003c\/li\u003e \u003cli\u003eBuild better awareness programmes\u003c\/li\u003e \u003cli\u003eTransform user attitudes and behaviour\u003c\/li\u003e \u003cli\u003eGain Executive Board buy-in\u003c\/li\u003e \u003cli\u003eDesign management systems that really work\u003c\/li\u003e \u003cli\u003eHarness the power of your organization\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003eBased on the author's own personal experience of working with large, complex organizations, such as Shell and Royal Mail, this book is written by an information security insider and makes essential reading for all information security professionals.  \u003c\/p\u003e\u003cp\u003e\"We live in an age where social networks, collaborative working and community development are global and commonplace, redefining the role of information security. 
David takes a dry-as-dust elephant of a subject and expertly serves it up in edible, even tasty, morsels.\"\u003cbr\u003e \u003cb\u003eJP Rangaswami, Managing Director of BT Design\u003c\/b\u003e  \u003c\/p\u003e\u003cp\u003e\"A highly entertaining read that will undoubtedly become essential reading for all security professionals.\"\u003cbr\u003e \u003cb\u003eProfessor Fred Piper\u003c\/b\u003e  \u003c\/p\u003e\u003cp\u003e\"I'm really interested in reading this book and, frankly, once it's published, I'll be one of the first to buy it.\"\u003cbr\u003e \u003cb\u003eDr. Eugene Schultz, High Tower Software\u003c\/b\u003e\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989568667877,"sku":"NP9780470721995","price":50.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470721995.jpg?v=1761784632","url":"https:\/\/k12savings.com\/es\/products\/managing-the-human-factor-in-information-security-isbn-9780470721995","provider":"K12savings","version":"1.0","type":"link"}