CHAPTER 12: CONCLUSION - CHANGING THE APPROACH TO SECURITY

In order to reduce security risks within an enterprise, security professionals have traditionally attempted to guide employee behaviour towards compliance by communicating the cost of risk and through security training. However, recurring problems and employee behaviour in this arena indicate that these measures are insufficient and rather ineffective.

Security training tends to focus on specific working practices and defined threat scenarios, leaving the understanding of security culture and its specific principles of behaviour untouched. A security culture should be regarded as a fundamental matter to address. If neglected, employees will not develop habitually secure behaviour or take ...

Get The Psychology of Information Security now with the O’Reilly learning platform.