Information security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on end users’ core business activities.
These end users are, in turn, often unaware of the risks they can expose their organisation to, and may even feel justified in finding workarounds because they believe that the organisation values productivity over security.
The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.
Reader review
“This is an easy-to-read, accessible and simple introduction to information security. The style is straightforward, and calls on a range of anecdotes to help the reader through what is often a complicated and hard to penetrate subject.”
– Dr David King, University of Oxford
The Psychology of Information Security is available from IT Governance in various formats (including softcover, Adobe eBook, Kindle and ePub):
The Psychology of Information Security is part of the
Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz. Buy all of the current titles from IT Governance and save 20% on the list price: