Foreword, by Gurpreet Dhillon
Acknowledgments
Preface
CHAPTER 1 An Introduction to Information Protection and Employee Behavior
CHAPTER 2 How Employees Affect Information Security
  An Information Security Overview
  Security Implications of Employee Information Technology Usage
  Summary: Employees - Both a Vulnerability and a Resource
CHAPTER 3 Information Security Technologies and Operations
  Security Technology Overview
  Protection Technologies for Use on the Inside
  Summary: Two Pitfalls of Employee Monitoring
CHAPTER 4 Employee Monitoring, Surveillance, and Privacy
  Laws Affecting Security and Privacy
  Analyzing Privacy at Work
  Privacy as Control over Personal Information
  Information Privacy in the Workplace: Three Factors and the Zone
CHAPTER 5 Managerial Perspectives
  Managers' Attitudes Toward Information Technology
  Managers' Beliefs About Information Security
  Managerial Perspectives on Employee Monitoring
  Statistical Studies of Managers and Security
CHAPTER 6 Information Technology Professionals' Perspectives
  Influencing User Behavior
  Survey of Information Technology Professionals
  Information Technology Professionals' Perspectives on Security and Privacy
CHAPTER 7 Employee Perspectives on Information Security and Privacy
  Background: Employee Beliefs About Information Technology and Security
  Vulnerabilities: Users' Perceptions of Barriers to Positive Security Practices
  User Perspectives on Training, Policy, and Monitoring
  Employee Perspectives on Workplace Monitoring
  Overall Recap of Interview Data
  A Survey of Employee Beliefs and Information Security
CHAPTER 8 Overall Analysis and Interpretation
  Priorities for Information Security
  Computer-Related Behavior of Employees/Users
  Communication Among Different Groups in the Organization
  Policies, Training, and Behavioral Influences
  Electronic Monitoring and Surveillance Rights
  Organizational Cycles of Monitoring and Security
  Complex Security Risks in Organizations
CHAPTER 9 Recommendations for Managers, Employees, and Information Security Professionals
  The Main Message: Transparent Security Governance
  Resistance to Organizational Change
  Promoting Insider Integrity
References
Appendix A: Recommended Reading
Appendix B: Discussion Questions
Appendix C: Employee Security-Related Behavior List
Appendix D: Leadership Interview Protocol
Appendix E: Information Security Professional Interview Protocol
Appendix F: Employee Interview Protocol
Appendix G: Straightforward Acceptable Use Policy
Appendix H: Straightforward Password Policy
About the Authors
Index