Augusta University’s Cyber Institute adopts my book

jsacacalog

Just received some great news from my publisher.  My book has been accepted for use on a course at Augusta University. Here’s some feedback from the course director:

Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Masters in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organisation. Understanding behavioural aspects of the human element is important for many information security managerial functions, such as developing security policies and awareness training. Therefore, we want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.

Advertisements

Cybersecurity Canon: The Psychology of Information Security

 

Big-Canon-Banner.png

My book has been nominated for the Cybersecurity Cannon, a list of must-read books for all cybersecurity practitioners.

Review by Guest Contributor Nicola Burr, Cybersecurity Consultant

Read the rest of this entry »


Delivering a guest lecture at California State University, Long Beach

CSU Long Beach

I’ve been invited to talk to Masters students at the California State University, Long Beach about starting a career in cyber security.  My guest lecture at the Fundamentals of Security class was well received. Here’s the feedback I received from the Professor:

Leron, thank you so much for talking to my students. We had a great session and everybody was feeling very energised afterwards. It always helps students to interact with industry practitioners and you did a fantastic job inspiring the class. I will be teaching this class next semester, too. Let’s keep in touch and see if you will be available to do a similar session with the next cohort. Again, thank you very much for your time – I wish we could have more time available to talk!


User Experience Design

9719949207_bcf69ec9fd_z

Here’s a collection of courses designed to further your knowledge in user experience design. Happy learning!

Read the rest of this entry »


The Psychology of Information Security – Get 10% Off

book.PNG

IT Governance Publishing kindly provided a 10% discount on my book. Simply use voucher code SPY10 on my publisher’s website.

Offer ends 30 November 2016.

 


How to Create a Security Culture at the Workplace

October is National Cyber Security Awareness Month(NCSAM) which is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about cybersecurity,

I’ve been asked to share my views on creating a security culture at the workplace with The State of Security.

I believe the goal is not to teach tricks, but to create a new culture which is accepted and understood by everyone. In order to effectively do so, messages need to be designed and delivered according to each type of employee: there is no such thing as a one-size-fits-all security campaign. Questions that must always be answered include: What are the benefits? What does it matter or why should I care? What impact do my actions have?

Security campaigns must discard scare tactics such as threatening employees with sanctions for breaches. Campaigns should be oriented towards the users’ goals and values, as well as the values of the organisation, such as professionalism and delivery.

A security campaign should emphasise that employees can cause serious damage to an organisation when they engage in non-compliant behaviour, even if it appears to be in an insignificant way. They should understand that they are bearing some responsibility for the security of the organisation and its exposure to risk.

Furthermore, the entire organisation needs to perceive security as bringing value to the company, as opposed to being an obstacle preventing employees from doing their job. It is important for employees to understand that they contribute to the smooth and efficient operation of business processes when they follow recommended security practices, just as security enables the availability of resources that support these processes.


The Psychology of Information Security Culture

logo

In order to reduce security risks within an enterprise, security professionals have traditionally attempted to guide employees towards compliance through security training. However, recurring problems and employee behaviour in this arena indicate that these measures are insufficient and rather ineffective.

Security training tends to focus on specific working practices and defined threat scenarios, leaving the understanding of security culture and its specific principles of behaviour untouched. A security culture should be regarded as a fundamental matter to address. If neglected, employees will not develop habitually secure behaviour or take the initiative to make better decisions when problems arise.

In my talk I will focus on how you can improve security culture in your organisation. I’ll discuss how you can:

  • Understand the root causes of a poor security culture within the workplace
  • Aligning a security programme with wider organisational objectives
  • Manage and communicate these changes within an organisation

The goal is not to teach tricks, but to create a new culture which is accepted and understood by everyone. Come join us at the Security Awareness Summit on 11 Nov for an amazing opportunity to learn from and share with each other. Activities include show-n-tell, 306 Lightening Talks, video wars, group case studies and numerous networking activities. Learn more and register now for the Summit.

Original