Focusing on countermeasures against orchestrated cyber-attacks, Cyber Security Culture is research-based and reinforced with insights from experts who do not normally release information into the public arena. It will enable managers of organizations across different industrial sectors and government agencies to better understand how organizational learning and training can be utilized to develop a culture that ultimately protects an organization from attacks. Peter Trim and David Upton believe that the speed and complexity of cyber-attacks demand a different approach to security management, including scenario-based planning and training, to supplement security policies and technical protection systems. The authors provide in-depth understanding of how organizational learning can produce cultural change addressing the behaviour of individuals, as well as machines. They provide information to help managers form policy to prevent cyber intrusions, to put robust security systems and procedures in place and to arrange appropriate training interventions such as table top exercises. Guidance embracing current and future threats and addressing issues such as social engineering is included. Although the work is embedded in a theoretical framework, non-technical staff will find the book of practical use because it renders highly technical subjects accessible and links firmly with areas beyond ICT, such as human resource management - in relation to bridging the education/training divide and allowing organizational learning to be embraced. This book will interest Government officials, policy advisors, law enforcement officers and senior managers within companies, as well as academics and students in a range of disciplines including management and computer science.
’This excellent book comes at a time when cyber security is paramount in the concerns of all organisations that handle information as an asset - that should be all of us. Relying on technical threat mitigation is not enough. What is required is a change of culture and this book is a first class exemplar of how to do this though changing the way we organise ourselves and how we train to address modern threats. It is a book for everyone with an interest in safeguarding their business and their organisation.’ Neil Fisher, Vice Chairman, Information Assurance Advisory Council ’Protecting critical information infrastructure will be a vital component of business, organisational and national security in the 21st century. Cyber threats - from hacking, terrorism, sabotage or espionage - are already widespread and on the increase, yet many organisations remain poorly prepared for dealing with such attacks. Trim and Upton’s timely book takes a reasoned, well informed and practical approach to this complex topic, providing useful guidance to managers and emphasising an organisational learning approach.’ John Twigg, University College London, UK ’This is a thoughtful and practical approach to handling cyber security incidents. Incident management is fast moving requiring quick decision making which is directly dependent on knowledge and confidence. Building confidence through training and exercising is a valuable initiative.’ Bruno Brunskill, Company Secretary, Information Assurance Advisory Council (IAAC)