- Hardback
- Number of pages
- John Wiley & Sons Inc
- 236 x 160 x 24 mm
- Number of components
- 436 g
The Security Culture Playbook - An Executive Guide To Reducing Risk and Developing Your Human Defense Layer
by P Carpenter

Mitigate human risk and bake security into your organization's culture from top to bottom with insights from leading experts in security awareness, behavior, and culture.

The topic of security culture is mysterious and confusing to most leaders. But it doesn't have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists, deliver experience-driven, actionable insights into how to transform your organization's security culture and reduce human risk at every level. This book exposes the gaps between how organizations have traditionally approached human risk, and it provides security and business executives with the information and tools needed to understand, measure, and improve facets of security culture across the organization.

The book offers:

- An exposé of what security culture really is and how it can be measured
- A careful exploration of the 7 dimensions that comprise security culture
- Practical tools for managing your security culture program, such as the Security Culture Framework and the Security Culture Maturity Model
- Insights into building support within the executive team and Board of Directors for your culture management program

Also including several revealing interviews from security culture thought leaders in a variety of industries, The Security Culture Playbook is an essential resource for cybersecurity professionals, risk and compliance managers, executives, board members, and other business leaders seeking to proactively manage and reduce risk.
More books by P Carpenter
Transformational Security Awareness - What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
Expert guidance on the art and science of driving secure behaviors Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs...
PERRY CARPENTER, C|CISO, MSIA, is an author, podcaster, thought leader, and cybersecurity expert specializing in security awareness and the human factors of security. His research focuses on marketing, communication, behavior science, organizational culture management, sociology, and more. KAI ROER is the author of several books on security and leadership, a keynote speaker, and a thought leader in the security culture field. In addition to his research, he is an entrepreneur and the inventor of technology and frameworks that transformed the information security industry.
- About the Authors
- Acknowledgments
- Introduction
- Part I: Foundation
  - Chapter 1: You Are Here
    - Why All the Buzz?
    - What Is Security Culture, Anyway?
    - A Problem of Definition
    - A Problem of Overconfidence
    - Takeaways
  - Chapter 2: Up-leveling the Conversation: Security Culture Is a Board-level Concern
    - A View from the Top
    - Telling the Human Side of the Story
    - What's the Cost of Not Getting This Right?
    - Cybercriminals Are Doubling Down on Their Attacks Against Your Employees
    - Your People and Security Culture Are at the Center of Everything
    - The Implication
    - Getting It Right
    - Takeaways
  - Chapter 3: The Foundations of Transformation
    - The Core Thesis
    - The Knowledge-Intention-Behavior Gap
    - Three Realities of Security Awareness
    - Program Focus
    - Extending the Discussion
    - Introducing the Security Culture Maturity Model
    - The Security Culture Maturity Model in Brief
    - The S-Curves
    - The Value of the Security Culture Maturity Model
    - You Are Always Either Building Strength or Allowing Atrophy
    - Takeaways
- Part II: Exploration
  - Chapter 4: Just What Is Security Culture, Anyway?
    - Lessons from Safety Culture
    - A Jumble of Terms
    - Information Security Culture
    - IT Security Culture
    - Cybersecurity Culture
    - Security Culture in the Modern Day
    - Technology Focus
    - Compliance Focus
    - Human-Reality Focus
    - Takeaways
  - Chapter 5: Critical Concepts from the Social Sciences
    - What's the Real Goal-Awareness, Behavior, or Culture?
    - Coming to Terms with Our Irrational Nature
    - We Are Lazy
    - Why Don't We Just Give Up?
    - Security Culture-A Part of Organizational Culture
    - Takeaways
  - Chapter 6: The Components of Security Culture
    - A Problem of Definition
    - The Academic Perspective
    - The Practitioner Perspective
    - Defining Security Culture
    - Security Culture as Dimensions
    - The Seven Dimensions of Security Culture
    - Attitudes
    - Behaviors
    - Cognition
    - Communication
    - Compliance
    - Norms
    - Responsibilities
    - The Security Culture Survey
    - Example Findings from Measuring the Seven Dimensions
    - Normalized Use of Unauthorized Services
    - Confidentiality and Insider Threats
    - Last Thought
    - Takeaways
  - Chapter 7: Interviews with Organizational Culture Experts and Academics
    - John R. Childress, PYXIS Culture Technologies Limited
      - Why Is Culture Important?
      - Why Do You Find Culture Interesting?
      - Is There a Specific Definition of Culture That You Find Useful?
      - What Actions Can Be Taken to Direct Cultural Change?
      - Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
      - How Does a Culture Evolve (or How Often?)
    - Professor John McAlaney, Bournemouth University, UK
      - Why Is Culture Important?
      - Why Do You Find Culture Interesting?
      - Is There a Specific Definition of Culture That You Find Useful?
      - What Actions Can Be Taken to Direct Cultural Change?
      - Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
      - How Does a Culture Evolve (or How Often?)
    - Dejun "Tony" Kong, PhD, Muma College of Business, University of South Florida
      - Why Is Culture Important?
      - Why Do You Find Culture Interesting?
      - Is There a Specific Definition of Culture That You Find Useful?
      - How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
    - Michael Leckie, Silverback Partners, LLC
      - Why Is Culture Important?
      - Why Do You Find Culture Interesting?
      - Is There a Specific Definition of Culture That You Find Useful?
      - How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
      - What Actions Can Be Taken to Direct Cultural Change?
      - Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
      - How Does a Culture Evolve (or How Often?)

P