Introduction.- The scenario.- Security: Human nature and behavior.- Redefining the approach to cybersecurity.- Building Cybersecurity Culture.- Communication is not optional.- Developing cybersecurity awareness.- Training methods.- Conclusions.
Isabella Corradini is a social psychologist and criminologist. She is the director of Themis Research Center, an interdisciplinary research organization for the psychological and social sciences, with a special focus on human factors in safety and security. She is also co-founder of the Link&Think Research Lab, which provides information, education and socio-technical analyses of information technologies. Isabella is a recognized expert in the field of human factors in safety and security, and in the area of communication. She served as a Professor of Social Psychology at various Italian universities for ten years. She is currently a lecturer in master’s and industrial training programmes, and a consultant for national and international organizations on awareness initiatives aimed at developing safety and security cultures. A member of several technical and scientific committees, Isabella is also the author of numerous articles, chapters and books on the above-mentioned topics, and the editor of a book series on the topic of reputation for a major Italian publisher.
This book offers a practice-oriented guide to developing an effective cybersecurity culture in organizations. It provides a psychosocial perspective on common cyberthreats affecting organizations, and presents practical solutions for leveraging employees’ attitudes and behaviours in order to improve security.
Cybersecurity, as well as the solutions used to achieve it, has largely been associated with technologies. In contrast, this book argues that cybersecurity begins with improving the connections between people and digital technologies. By presenting a comprehensive analysis of the current cybersecurity landscape, the author discusses, based on literature and her personal experience, human weaknesses in relation to security and the advantages of pursuing a holistic approach to cybersecurity, and suggests how to develop cybersecurity culture in practice.
Organizations can improve their cyber resilience by adequately training their staff. Accordingly, the book also describes a set of training methods and tools. Further, ongoing education programmes and effective communication within organizations are considered, showing that they can become key drivers for successful cybersecurity awareness initiatives. When properly trained and actively involved, human beings can become the true first line of defence for every organization.