The psychology of information security

The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour

SKU: 4736
Authors: Leron Zinatullin
Publishers: ITGP
Format: PDF
ISBN13: 9781849287906
Published: 26 Jan 2016
Availability: Available
Format: ePub
ISBN13: 9781849287913
Published: 26 Jan 2016
Availability: Available
Format: Audiobook
ISBN13: 9781787780934

Indispensable guide to help create a robust security culture that will be understood by your staff and the business.

  • Reveals the psychology behind information security to ensure the success of your security program;
  • Provides advice and tips to mitigate many of the challenges faced in risk management; and
  • Includes valuable insights and recommendations to improve the culture and find the balance between security and productivity.


Price: $16.99

Security programs cannot succeed without considering people

When implementing security policies, information security professionals are constantly faced with a conflict between the security team and the rest of the business. They must ensure that their organization is adequately addressing information security risks, whilst also communicating the value of security appropriately.

David Ferbrache, Technical Director at KPMG UK, says “No approach can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organizations, and, most of all, how we can create a security environment which helps people feel free to actually do their job.”

By gaining an understanding of the psychology of information security, you can ensure your security program is a success.

Understand human behaviour and users’ motivations

Based on insights gained from academic research and interviews with security professionals from various sectors, this essential guide explains the importance of careful risk management and reveals how to align a security program with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

The Psychology of Information Security redresses the balance by considering information security from both end users’ and security professionals’ perspectives, and helps you to understand how a security culture that puts risk into context promotes compliance.



  • Introduction to information security
  • Risk management
  • The complexity of risk management
  • Stakeholders and communication
  • Information security governance
  • Problems with policies
  • How security managers make decisions
  • How users make decisions
  • Security and usability
  • Security culture
  • The psychology of compliance
  • Conclusion – Changing the approach to security
  • Appendix: Analogies

About the author

Leron Zinatullin

Leron Zinatullin is an experienced risk consultant specialising in cybersecurity strategy, management, and delivery. He has led large-scale, global, high-value security transformation projects with a view to improving cost performance and supporting business strategy.

He has extensive knowledge and practical experience in solving information security, privacy, and architectural issues across multiple industry sectors.

He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.

Customer reviews

4.60 stars out of 5
# of Ratings: 10
1. on 2/1/2018, said:
5 stars out of 5
This brief primer provides a great introduction to the challenges of matching staff expectations and security requirements.
2. on 2/1/2018, said:
4 stars out of 5
I think this book is a good investment for those working in the information security industry looking for ideas from the latest research in productive security. The style of writing, and the anecdotes ensure that practitioners are given lots of bite-sized ideas that they can take away and put into practice right away.
3. on 2/1/2018, said:
4 stars out of 5
This book is a refreshing take on an old subject; it serves as both a fresh way to look at information security risks in your organisation as well as an introduction to risk management if you have just started in the role. Using a broad range of sources from academic to face-to-face interviews, it cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Zinatullin manages to do this without being patronising or prescriptive, making this book an easy read with some very real practical takeaways.
4. on 2/1/2018, said:
5 stars out of 5
I found this book an excellent read. The author combines personal experience, academic research and interviews to provide a different perspective on IT security compliance. The book moves away from the traditional approach of checklists and strict enforcement of compliance to explain the reasons why people choose, or fail, to comply, and proposes some good higher impact solutions based on modifying behaviours.
5. on 2/1/2018, said:
5 stars out of 5
I have grown quite enthusiastic about this work. Clear arguments are provided based on accepted science, with these brought together in a strong case for a new approach to security. As such, the views in this book coincide with the fresh wind also found in accountancy of corporate governance, focusing on the new trend for leadership within security.
6. on 2/1/2018, said:
4 stars out of 5
This is a short and sweet book that you can whizz through in an hour, whether to top up what you know about information security - and security management generally - or to provoke yourself into some thinking.
7. on 2/1/2018, said:
5 stars out of 5
Leron provides many thought-provoking insights on how human behaviour affects risk management. Without understanding the intricacies between these two topics, teams delivering security improvements may not be successful. This is essential reading for anyone seeking to expand their expertise beyond technical risk topics.
8. on 2/1/2018, said:
5 stars out of 5
This book takes some of the most fundamental aspects of information security and provides expert insight and solutions that all businesses can learn from. A lot of people struggle to understand the basic concepts and importance of cyber security to their business, but here we read about real-life scenarios and business advice, in a simple yet effective manner, that everyone can relate to. The book acknowledges the need for people to work together to improve their position and this is exactly what Leron has done to create such a fantastic book. Featuring thoughts and concepts from industry leaders such as Javvad Malik, Thom Langford and Bruce Schneier. I’d highly recommend this book for any CEO or any executive that wants to understand what security means for their business.
9. on 1/25/2017, said:
5 stars out of 5
Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Master’s in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organization. Understanding behavioral aspects of the human element is important for many information security managerial functions, such as developing security policies and awareness training. Therefore, we want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.
10. on 1/13/2017, said:
4 stars out of 5
A clear, concise text that breaks down information security into manageable chunks, with plenty of food for thought.