Information Security And Employee Behaviour: How to Reduce Risk Through Employee Education, Training And Awareness

Description:
Research suggests that between 60-75 per cent of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short-term priorities. "Information Security and Employee Behaviour" will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.

Product Details:
Author: Angus McIlwraith
Hardcover: 169 pages
Publisher: Gower Pub Co
Publication Date: 2006-02
Language: English
ISBN: 0566086476
Package Length: 9.37 inches
Package Width: 6.93 inches
Package Height: 0.94 inches
Package Weight: 0.84 pounds
Average Customer Rating: based on 1 review

Customer Reviews:
Most Helpful Customer Reviews
1 of 1 found the following review helpful:
Interesting, good to know, but lacks practicality
Mar 23, 2006
By Lea K. Kivi
Angus McIlwraith's book "Information Security and Employee Behaviour" is interesting and well-written, but not enormously useful with regard to the practical matter of implementing a security awareness program.
The first section, "A Framework For Understanding", succeeds in presenting important individual and group psychological factors to consider when seeking to change employee behavior.
However, the second section, "A Framework For Implementation" just gives high-level implementation steps and then describes in great detail only two aspects of implementing a security awareness program - measuring awareness, and choosing delivery media. No practical methodologies are presented. One has the sense that there are several chapters missing. It would have been a more useful book if all five steps in developing an awareness program proposed by the author in chapter 4 had been elaborated upon.
If you are someone looking for practical help in putting together an entire security awareness program, by far the best book out there at this point is "Managing an Information Security and Privacy Awareness and Training Program" by Rebecca Herold.