Research suggests that between 60-75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.
'McIlwraith's message is important. His writing is interesting and clear. His suggestions are useful. His book is recommended for anyone with either a specific obligation for awareness training, or overall responsibility for security management.' Robert M. Slade, Victoria Tele-community Network, Canada 'Information is every organisation's most prized asset. This book will be essential reading for organisations which, although content with the technical security measures in place, nonetheless have concerns over whether their staff have sufficient understanding of this area.' Information Security Specialist Group Magazine '...provides a very pragmatic solution, improving strategies and techniques for educating and training employees in information security, and explains how different metrics can be used to assess awareness and behavior. It is a worthwhile reading book and a must for every business library.' Educational Book Review, India