1st Edition
Cyber Security Culture Counteracting Cyber Threats through Organizational Learning and Training
Focusing on countermeasures against orchestrated cyber-attacks, Cyber Security Culture is research-based and reinforced with insights from experts who do not normally release information into the public arena. It will enable managers of organizations across different industrial sectors and government agencies to better understand how organizational learning and training can be utilized to develop a culture that ultimately protects an organization from attacks. Peter Trim and David Upton believe that the speed and complexity of cyber-attacks demand a different approach to security management, including scenario-based planning and training, to supplement security policies and technical protection systems. The authors provide in-depth understanding of how organizational learning can produce cultural change addressing the behaviour of individuals, as well as machines. They provide information to help managers form policy to prevent cyber intrusions, to put robust security systems and procedures in place and to arrange appropriate training interventions such as table top exercises. Guidance embracing current and future threats and addressing issues such as social engineering is included. Although the work is embedded in a theoretical framework, non-technical staff will find the book of practical use because it renders highly technical subjects accessible and links firmly with areas beyond ICT, such as human resource management - in relation to bridging the education/training divide and allowing organizational learning to be embraced. This book will interest Government officials, policy advisors, law enforcement officers and senior managers within companies, as well as academics and students in a range of disciplines including management and computer science.
Biography
Peter R.J. Trim is a Senior Lecturer in Management and Director of the Centre for Advanced Management and Interdisciplinary Studies at Birkbeck, University of London. He holds degrees from City University; Cranfield Institute of Technology; and Cambridge University. He has taught in France, Hong Kong and the Netherlands and published widely in areas including Corporate Intelligence and Corporate and National Security. He has been involved in several research projects under the Network Security - Information Infrastructure Protection Programme. David Upton is a Director of Stirling Reid Limited, a specialised consultancy based in London which organises top-level emergency response exercises worldwide and across sectors including government, utility companies, oil, gas, pharmaceutical, shipping and transport. He is a Cambridge graduate who has also studied at London Business School and formerly served in the British Diplomatic Service. He has published books on software, and on scenario planning.
’This excellent book comes at a time when cyber security is paramount in the concerns of all organisations that handle information as an asset - that should be all of us. Relying on technical threat mitigation is not enough. What is required is a change of culture and this book is a first class exemplar of how to do this though changing the way we organise ourselves and how we train to address modern threats. It is a book for everyone with an interest in safeguarding their business and their organisation.’ Neil Fisher, Vice Chairman, Information Assurance Advisory Council ’Protecting critical information infrastructure will be a vital component of business, organisational and national security in the 21st century. Cyber threats - from hacking, terrorism, sabotage or espionage - are already widespread and on the increase, yet many organisations remain poorly prepared for dealing with such attacks. Trim and Upton’s timely book takes a reasoned, well informed and practical approach to this complex topic, providing useful guidance to managers and emphasising an organisational learning approach.’ John Twigg, University College London, UK ’This is a thoughtful and practical approach to handling cyber security incidents. Incident management is fast moving requiring quick decision making which is directly dependent on knowledge and confidence. Building confidence through training and exercising is a valuable initiative.’ Bruno Brunskill, Company Secretary, Information Assurance Advisory Council (IAAC)
