The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour considers information security from the seemingly opposing viewpoints of security professionals and end users to find the balance between security and productivity. It provides recommendations on aligning a security programme with wider organisational objectives, successfully managing change and improving security culture. Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improving cost performance and supporting business strategy. He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors. He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.

1: Introduction to Information Security

2: Risk Management

3: The Complexity of Risk Management

4: Stakeholders and Communication

5: Information Security Governance

6: Problems with Policies

7: How Security Managers Make Decisions

8: How Users Make Decisions

 

9: Security and Usability

10: Security Culture

11: The Psychology of Compliance

12: Conclusion - Changing the Approach to Security

 

Appendix: Analogies

Analogy 1: Cake and Security

Analogy 2: Poker and Security

Pubblicato da: IT Governance Publishing Ltd