Information Security Awareness

Information Security Awareness: The Psychology Behind the Technology is a book written for information security managers and organizational leaders. This text focuses on the behaviors of information systems users in an organizational setting and why this is critical to successful information security awareness programs. The ultimate goal of all information security awareness programs from a business perspective is to change the behavior of users, resulting in fewer user-related errors that cause costly and destructive security incidents. Rather than taking a traditional technology-oriented approach the author has taken a unique method by exploring and discussing six key psychological aspects of people's behavior. Specifically the author discusses how these phenomena relate to, and impact, an information security program. The six behavioral-oriented phenomena reviewed in this book are: motivation, attitude, beliefs, personality, morals, and ethics. These six phenomena are the basis for a new psychological-based framework that the author presents in this book known as POSTTM. POSTTM is an acronym for "The Psychology of Security and Technology". Many organizations take the approach of "informing" their user community of their security policies, guidelines, and procedures. This would be described as a descriptive approach, meaning the users are told they must comply because management requires them to. Recent research in organizational psychology and information security awareness postulates that this approach is flawed. The descriptive-based approach does nothing to help the users internalize or justify the organizations requirements, therefore their attitudes and motivations will be lacking and ultimately produce undesirable results. A new prescriptive-based approach to information security awareness is presented in the book which leverages the POSTTM constructs. This new approach focuses on users internalizing information security messages and policies.