Psychology of Information Security

The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour considers information security from the seemingly opposing viewpoints of security professionals and end users to find the balance between security and productivity. It provides recommendations on aligning a security programme with wider organisational objectives, successfully managing change and improving security culture.

• Cover
• Title
• Copyright
• Foreword
• Preface
• About The Author
• Acknowledgements
• Contents
• CHAPTER 1: INTRODUCTION TO INFORMATION SECURITY
• CHAPTER 2: RISK MANAGEMENT
• CHAPTER 3: THE COMPLEXITY OF RISK MANAGEMENT
• CHAPTER 4: STAKEHOLDERS AND COMMUNICATION
• CHAPTER 5: INFORMATION SECURITY GOVERNANCE
• CHAPTER 6: PROBLEMS WITH POLICIES
• CHAPTER 7: HOW SECURITY MANAGERS MAKE DECISIONS
• CHAPTER 8: HOW USERS MAKE DECISIONS
  • There is no clear reason to comply
  • The cost of compliance is too high
  • There is an inability to comply
• CHAPTER 9: SECURITY AND USABILITY
• CHAPTER 10: SECURITY CULTURE
• CHAPTER 11: THE PSYCHOLOGY OF COMPLIANCE
• CHAPTER 12: CONCLUSION - CHANGING THE APPROACH TO SECURITY
  • Design
  • Culture
  • Supervision and sanctioning
• APPENDIX: ANALOGIES
  • Analogy 1: Cake and Security
  • Analogy 2: Poker and Security
• SOURCES
• ITG RESOURCES