INTRODUCTION TO PART IV

PREVENTION: HUMAN FACTORS

Human factors underlie all the mechanisms invented by technical experts. Without human awareness, training, education, and motivation, technical defenses inevitably fail. This part details a number of valuable areas of knowledge for security practitioners, including these chapters and topics:

• 43. Ethical Decision Making and High Technology. A strategy for setting a high priority on ethical behavior and a framework for making ethical decisions
• 44. Security Policy Guidelines. Guidelines for how to express security policies effectively
• 45. Employment Practices and Policies. Policy guidelines on hiring, managing, and firing employees
• 46. Vulnerability Assessment. Methods for smoothly integrating vulnerability assessments into the corporate culture
• 47. Operations Security and Production Controls. Running computer operations securely, and controlling production for service levels and quality
• 48. E-Mail and Internet Use Policies. Guidelines for setting expectations about employee use of the Web and e-mail at work
• 49. Implementing a Security Awareness Program. Methods for ensuring that all employees are aware of security requirements and policies
• 50. Using Social Psychology to Implement Security Policies. Drawing on the science of social psychology for effective implementation of security policies
• 51. Security Standards for Products. Established standards for evaluating the trustworthiness and effectiveness of security products