Augusta University’s Cyber Institute adopts my book

jsacacalog

Just received some great news from my publisher.  My book has been accepted for use on a course at Augusta University. Here’s some feedback from the course director:

Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Masters in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organisation. Understanding behavioural aspects of the human element is important for many information security managerial functions, such as developing security policies and awareness training. Therefore, we want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.

Advertisements

Cybersecurity Canon: The Psychology of Information Security

 

Big-Canon-Banner.png

My book has been nominated for the Cybersecurity Cannon, a list of must-read books for all cybersecurity practitioners.

Review by Guest Contributor Nicola Burr, Cybersecurity Consultant

Read the rest of this entry »


Delivering a guest lecture at California State University, Long Beach

CSU Long Beach

I’ve been invited to talk to Masters students at the California State University, Long Beach about starting a career in cyber security.  My guest lecture at the Fundamentals of Security class was well received. Here’s the feedback I received from the Professor:

Leron, thank you so much for talking to my students. We had a great session and everybody was feeling very energised afterwards. It always helps students to interact with industry practitioners and you did a fantastic job inspiring the class. I will be teaching this class next semester, too. Let’s keep in touch and see if you will be available to do a similar session with the next cohort. Again, thank you very much for your time – I wish we could have more time available to talk!


The Psychology of Information Security Culture

logo

In order to reduce security risks within an enterprise, security professionals have traditionally attempted to guide employees towards compliance through security training. However, recurring problems and employee behaviour in this arena indicate that these measures are insufficient and rather ineffective.

Security training tends to focus on specific working practices and defined threat scenarios, leaving the understanding of security culture and its specific principles of behaviour untouched. A security culture should be regarded as a fundamental matter to address. If neglected, employees will not develop habitually secure behaviour or take the initiative to make better decisions when problems arise.

In my talk I will focus on how you can improve security culture in your organisation. I’ll discuss how you can:

  • Understand the root causes of a poor security culture within the workplace
  • Aligning a security programme with wider organisational objectives
  • Manage and communicate these changes within an organisation

The goal is not to teach tricks, but to create a new culture which is accepted and understood by everyone. Come join us at the Security Awareness Summit on 11 Nov for an amazing opportunity to learn from and share with each other. Activities include show-n-tell, 306 Lightening Talks, video wars, group case studies and numerous networking activities. Learn more and register now for the Summit.

Original


The Psychology of Information Security book reviews

51enjkmw1ll-_sx322_bo1204203200_

I wrote about my book  in the previous post. Here I would like to share what others have to say about it.

So often information security is viewed as a technical discipline – a world of firewalls, anti-virus software, access controls and encryption. An opaque and enigmatic discipline which defies understanding, with a priesthood who often protect their profession with complex concepts, language and most of all secrecy.

Leron takes a practical, pragmatic and no-holds barred approach to demystifying the topic. He reminds us that ultimately security depends on people – and that we all act in what we see as our rational self-interest – sometimes ill-informed, ill-judged, even downright perverse.

No approach to security can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organisation – and most of all, how we can create a security environment which helps people feel free to actually do their job.
David Ferbrache OBE, FBCS
Technical Director, Cyber Security
KPMG UK

This is an easy-to-read, accessible and simple introduction to information security.  The style is straightforward, and calls on a range of anecdotes to help the reader through what is often a complicated and hard to penetrate subject.  Leron approaches the subject from a psychological angle and will be appealing to both those of a non-technical and a technical background.
Dr David King
Visiting Fellow of Kellogg College
University of Oxford

Read the rest of this entry »


Presenting at the IT & Security Forum

ITSF

I was invited to speak at the IT & Security Forum in Kazan, Russia. The conference spanned over three days and combined technical and non-technical talks, round table discussions and vendor presentations.

I spoke about the friction between security and productivity in the Oil & Gas sector. The participants shared their issues, after which we discussed potential solutions.

It was great to see that security managers in the audience recognised the potential negative impact to the business of poorly implemented security policies and controls and that they are willing to tackle such challenges.


Digital decisions: Understanding behaviours for safer cyber environments

DART

I was invited to participate in a panel discussion at a workshop on digital decision-making and risk-taking hosted by the Decision, Attitude, Risk & Thinking (DART) research group at Kingston Business School.

During the workshop, we addressed the human dimension in issues arising from increasing digital interconnectedness with a particular focus on cyber security risks and cyber safety in web-connected organisations.

We identified behavioural challenges in cyber security such as insider threats, phishing emails, security culture and achieving stakeholder buy-in. We also outlined a potential further research opportunity which could tackle behavioural security risks inherent in the management of organisational information assets.

2016-04-25 14.50