Muutke küpsiste eelistusi

Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer [Kõva köide]

4.04/5 (83 hinnangut Goodreads-ist)
,
  • Formaat: Hardback, 256 pages, kõrgus x laius x paksus: 231x160x25 mm, kaal: 454 g
  • Ilmumisaeg: 18-Apr-2022
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1119875234
  • ISBN-13: 9781119875239
Teised raamatud teemal:
  • Kõva köide
  • Hind: 24,17 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Tavahind: 28,44 €
  • Säästad 15%
  • Raamatu kohalejõudmiseks kirjastusest kulub orienteeruvalt 2-4 nädalat
  • Kogus:
  • Lisa ostukorvi
  • Tasuta tarne
  • Tellimisaeg 2-4 nädalat
  • Lisa soovinimekirja
Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense LayerSuurem pilt
  • Formaat: Hardback, 256 pages, kõrgus x laius x paksus: 231x160x25 mm, kaal: 454 g
  • Ilmumisaeg: 18-Apr-2022
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1119875234
  • ISBN-13: 9781119875239
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781119875239.html
Märksõnad:

Mitigate human risk and bake security into your organization’s culture from top to bottom with insights from leading experts in security awareness, behavior, and culture.

The topic of security culture is mysterious and confusing to most leaders. But it doesn’t have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists deliver experience-driven, actionable insights into how to transform your organization’s security culture and reduce human risk at every level. This book exposes the gaps between how organizations have traditionally approached human risk and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization.

The book offers:

  • An expose of what security culture really is and how it can be measured
  • A careful exploration of the 7 dimensions that comprise security culture
  • Practical tools for managing your security culture program, such as the Security Culture Framework and the Security Culture Maturity Model
  • Insights into building support within the executive team and Board of Directors for your culture management program

Also including several revealing interviews from security culture thought leaders in a variety of industries, The Security Culture Playbook is an essential resource for cybersecurity professionals, risk and compliance managers, executives, board members, and other business leaders seeking to proactively manage and reduce risk.

About the Authors viii
Acknowledgments xii
Introduction xxv
PART I FOUNDATION
1(38)
Chapter 1 You Are Here
3(10)
Why All the Buzz?
4(4)
What Is Security Culture, Anyway?
8(1)
A Problem of Definition
9(2)
A Problem of Overconfidence
11(1)
Takeaways
12(1)
Chapter 2 Up-leveling the Conversation: Security Culture Is a Board-level Concern
13(14)
A View from the Top
14(1)
Telling the Human Side of the Story
15(1)
What's the Cost of Not Getting This Right?
16(3)
Cybercriminals Are Doubling Down on Their Attacks Against Your Employees
19(1)
Your People and Security Culture Are at the Center of Everything
20(2)
The Implication
22(2)
Getting It Right
24(1)
Takeaway's
25(2)
Chapter 3 The Foundations of Transformation
27(12)
The Core Thesis
29(1)
The Knowledge-Intention-Behavior Gap
29(2)
Three Realities of Security Awareness
31(1)
Program Focus
31(2)
Extending the Discussion
33(1)
Introducing the Security Culture Maturity Model
33(2)
The Security Culture Maturity Model in Brief
35(1)
The S-Curves
36(1)
The Value of the Security Culture Maturity Model
37(1)
You Are Always Either Building Strength or Allowing Atrophy
37(1)
Takeaways
38(1)
PART II EXPLORATION
39(56)
Chapter 4 Just What Is Security Culture, Anyway?
41(12)
Lessons from Safety Culture
42(2)
A Jumble of Terms
44(1)
Information Security Culture
45(1)
IT Security Culture
45(1)
Cybersecurity Culture
46(1)
Security Culture in the Modern Day
46(1)
Technology Focus
47(1)
Compliance Focus
48(1)
Human-Reality Focus
49(2)
Takeaways
51(2)
Chapter 5 Critical Concepts from the Social Sciences
53(10)
What's the Real Goal---Awareness, Behavior, or Culture?
54(1)
Coming to Terms with Our Irrational Nature
55(1)
We Are Lazy
56(4)
Why Don't We Just Give Up?
60(1)
Security Culture---A Part of Organizational Culture
61(1)
Takeaways
62(1)
Chapter 6 The Components of Security Culture
63(14)
A Problem of Definition
64(1)
The Academic Perspective
64(1)
The Practitioner Perspective
65(1)
Defining Security Culture
66(1)
Security Culture as Dimensions
67(2)
The Seven Dimensions of Security Culture
69(1)
Attitudes
69(1)
Behaviors
69(1)
Cognition
69(1)
Communication
70(1)
Compliance
70(1)
Norms
70(1)
Responsibilities
71(1)
The Security Culture Survey
71(1)
Example Findings from Measuring the Seven Dimensions
72(1)
Normalized Use of Unauthorized Services
73(1)
Confidentiality and Insider Threats
74(1)
Last Thought
74(1)
Takeaways
75(2)
Chapter 7 Interviews with Organizational Culture Experts and Academics
77(18)
John R. Childress, PYXIS Culture Technologies Limited
78(1)
Why Is Culture Important?
78(1)
Why Do You Find Culture Interesting?
79(1)
Is There a Specific Definition of Culture That You Find Useful?
79(1)
What Actions Can Be Taken to Direct Cultural Change?
80(1)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
81(1)
How Does a Culture Evolve (or How Often?)
82(1)
Professor John McAlaney, Bournemouth University, UK
82(1)
Why Is Culture Important?
83(1)
Why Do You Find Culture Interesting?
83(1)
Is There a Specific Definition of Culture That You Find Useful?
83(1)
What Actions Can Be Taken to Direct Cultural Change?
84(1)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
85(1)
How Does a Culture Evolve (or How Often?)
85(1)
Dejun "Tony" Kong, PhD, Muma College of Business, University of South Florida
86(1)
Why Is Culture Important?
86(1)
Why Do You Find Culture Interesting?
86(1)
Is There a Specific Definition of Culture That You Find Useful?
87(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
87(1)
Michael Leckie, Silverback Partners, LLC
87(1)
Why Is Culture Important?
88(1)
Why Do You Find Culture Interesting?
89(1)
Is There a Specific Definition of Culture That You Find Useful?
90(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
90(1)
What Actions Can Be Taken to Direct Cultural Change?
91(2)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
93(1)
How Does a Culture Evolve (or How Often?)
93(2)
PART III TRANSFORMATION
95(116)
Chapter 8 Introducing the Security Culture Framework
97(16)
The Power of Three
99(1)
Step 1 Measure
100(1)
Know Where You are
101(1)
Decide Where You Want to Be
102(2)
Find Your Gap
104(2)
Step 2 Involve
106(1)
Building Support
106(2)
Different Audiences
108(1)
Step 3 Engage
109(2)
Rinse and Repeat
111(1)
Benefits of Using the Security Culture Framework
111(1)
Takeaways
112(1)
Chapter 9 The Secrets to Measuring Security Culture
113(16)
Connecting Awareness, Behavior, and Culture
115(1)
How Can You Measure the Unseen?
116(1)
Using Existing Data
116(3)
The Right Wag to Use Data
119(1)
Methods of Measuring Culture
119(1)
Observation
120(1)
Experimentation
121(1)
Interrogation (Surveys and Interviews)
121(1)
A/B Testing
122(2)
Multiple Metrics, Single Score
124(1)
Trends
125(2)
A Note Regarding Completion Rates
127(1)
Takeaways
128(1)
Chapter 10 How to Influence Culture
129(20)
Resistance to Change
130(1)
Be Proactive
131(2)
The Complexity of Culture
133(1)
Using the Seven Dimensions to Influence Your Security Culture
134(1)
Attitudes
134(2)
Behaviors
136(2)
Cognition
138(2)
Communication
140(1)
Compliance
141(2)
Norms
143(1)
Responsibilities
144(2)
How Do You Know Which Dimension to Target?
146(1)
Takeaways
147(2)
Chapter 11 Culture Sticking Points
149(8)
Does Culture Change Have to Be Difficult?
150(1)
Using Norms Is a Double-Edged Sword
151(1)
Failing to Plan Is Planning to Fail
152(1)
If You Try to Work Against Human Nature, You Will Fail
153(2)
Not Seeing the Culture You Are Embedded In
155(1)
Takeaways
156(1)
Chapter 12 Planning and Maturing Your Program
157(20)
Taking Stock of What We've Covered
158(1)
View Your Culture Through Your Employees' Eyes
159(1)
Culture Carriers
160(1)
Building and Modeling Maturity
161(1)
Exploring the Data
162(1)
Culture Maturity Indicators
162(3)
Level 1 Basic Compliance
165(1)
Level 2 Security Awareness Foundation
165(1)
Level 3 Programmatic Security Awareness & Behavior
166(1)
Level 4 Security Behavior Management
167(1)
Level 5 Sustainable Security Culture
168(2)
There Are Stories in the Data
170(4)
A Seat at the Table
174(1)
Takeaways
175(2)
Chapter 13 Quick Tips for Gaining and Maintaining Support
177(10)
You Are a Guide
178(1)
Sell by Using Stories
179(1)
Lead with Empathy, Know Your Audience
180(4)
Set Expectations
184(1)
Takeaways
185(2)
Chapter 14 Interviews with Security Culture Thought Leaders
187(20)
Alexandra Panaretos, Ernst & Young
188(1)
Why Is Culture Important?
188(1)
Why Do You Find Culture Interesting?
189(1)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
190(3)
Dr. Jessica Barker, Cygenta
193(1)
Why Is Security Culture Important?
193(1)
Why Do You Find Culture Interesting?
194(1)
What Actions Can Be Taken to Direct Cultural Change?
194(1)
What Is Your Most Interesting Experience with Culture?
195(1)
Kathryn Djebbar, Jaguar Land Rover
195(1)
Why Is Culture Important?
195(1)
Why Do You Find Culture Interesting?
196(1)
Is There a Specific Definition of Culture That You Find Useful?
196(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
196(1)
What Actions Can Be Taken to Direct Cultural Change?
197(1)
Lauren Zink, Boeing
197(1)
Why Is Culture Important?
198(1)
Why Do You Find Culture Interesting?
198(1)
Is There a Specific Definition of Culture That You Find Useful?
199(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
199(1)
Mark Majewski, Rock Central
200(1)
Why Is Culture Important?
200(1)
Why Do You Find Culture Interesting?
200(1)
Is There a Specific Definition of Culture That You Find Useful?
201(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
201(1)
What Actions Can Be Taken to Direct Cultural Change?
201(1)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
202(1)
How Does a Culture Evolve (or How Often?)
202(1)
Mo Amin, moamin.com
203(1)
Why Is Culture Important?
203(1)
Why Do You Find Culture Interesting?
203(1)
Is There a Specific Definition of Culture That You Find Useful?
203(1)
How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change?
203(1)
What Actions Can Be Taken to Direct Cultural Change?
204(1)
Is There a Success or Horror Story You'd Like to Share Related to Culture Change?
204(1)
How Does a Culture Evolve (or How Often)?
205(2)
Chapter 15 Parting Thoughts
207(4)
Engage the Community
208(1)
Be a Lifelong Learner
209(1)
Be a Realistic Optimist
210(1)
Conclusion 211(2)
Bibliography 213(4)
Index 217
PERRY CARPENTER, C|CISO, MSIA, is an author, podcaster, thought leader, and cybersecurity expert specializing in security awareness and the human factors of security. His research focuses on marketing, communication, behavior science, organizational culture management, sociology, and more.

KAI ROER is the author of several books on security and leadership, a keynote speaker, and a thought leader in the security culture field. In addition to his research, he is an entrepreneur and the inventor of technology and frameworks that transformed the information security industry.