The Psychology Of Information Security – Resolving Conflicts Between Security Compliance And Human Behaviour Book Review
The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour Book Summary:
- Authors: Leron Zinatullin
- Publishers: ITGP
- Format: Softcover
Security programs cannot succeed without considering people
When implementing security polices, information security professionals are constantly faced with a conflict between the security team and the rest of the business. They must ensure that their organization is adequately addressing information security risks, whilst also communicating the value of security appropriately.
David Ferbrache, Technical Director at KPMG UK, says “No approach can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organizations, and, most of all, how we can create a security environment which helps people feel free to actually do their job.”
By gaining an understanding of the psychology of information security, you can ensure your security program is a success.
The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour Book Review:
The book discusses about the conflict between security compliance and human behaviour. It explains the impact of human behaviour on any security program. It explains how the human factor plays an important role in any security program. It suggests a way to overcome this kind of conflict.
It has a number of chapters. And, each chapter is divided into a number of sections. It offers practical insights into psychological theories and attributes pertaining to the field of information security.
Information security has been in the news a lot these days. And, this book covers the following information.
It talks about the theory behind information security, risk management and compliance.
It talks about the responsibilities of information security officers.
It explains the meaning of information security policies.
It explains the context of information security for managers.
Things You’ll Love About The Psych of Security:
Psych of Security: The authors make things clear and easy to follow.
The authors do not preach that it is a security miracle. Rather, they offer a well-reasoned analysis.
This book will help you understand the psychology of security as it relates to your organization.
This book would be especially useful for Risk Managers and Information Security Managers. It is a quick read yet has enough depth to keep it interesting.
Things You’ll Hate About The Psych of Security:
Psych of Security: This book may not contain data analytics that are necessary to understand the topic. It is broad view of the topic.
For the authors to make this book useful for managers, they need to discuss behavioural patterns for individuals and different departments. That would have helped managers understand how people work. But, it is implied in the book.
The authors could have included more information, which would have helped the reader make their own view on the topic of security.
Additional Thoughts:
Understanding how people reacts to security related communication is a huge challenge in the field of information security. And, any process to handle this effectively would be very helpful. This book is a quick read. And, it can be used as a “Security 101” reading for anyone new to the field.