Human factors underlie all the mechanisms invented by technical experts. Without human awareness, training, education, and motivation, technical defenses inevitably fail. This part details a number of valuable areas of knowledge for security practitioners, including these chapters and topics:
43. Ethical Decision Making and High Technology. A strategy for setting a high priority on ethical behavior and a framework for making ethical decisions
44. Security Policy Guidelines. Guidelines for how to express security policies effectively
45. Employment Practices and Policies. Policy guidelines on hiring, managing, and firing employees
46. Vulnerability Assessment. Methods for smoothly integrating vulnerability assessments into the corporate culture
47. Operations Security and Production Controls. Running computer operations securely, and controlling production for service levels and quality
48. E-Mail and Internet Use Policies. Guidelines for setting expectations about employee use of the Web and e-mail at work
49. Implementing a Security Awareness Program. Methods for ensuring that all employees are aware of security requirements and policies
50. Using Social Psychology to Implement Security Policies. Drawing on the science of social psychology for effective implementation of security policies
51. Security Standards for Products. Established standards for evaluating the trustworthiness and effectiveness of security products