Book review: Managing the Human Factor in Information Security

David Lacey’s book concerns the influence of people in protecting information assets and is excellent value.  

It covers a surprisingly wide range of topics relating to the human aspects of information security, mostly from management and operational perspectives.  The book has depth too, while remaining generally pragmatic in style.

I highly recommend the book for all information security professionals, particularly CISOs and Information Security Managers who are not entirely comfortable with the social elements of information security, and for information security MSc students who want to boost their understanding in this area.  The book is particularly valuable also for information security awareness and training professionals who necessarily deal with human factors on a daily basis, and need to understand how best to work with and influence their organizational cultures.