Information Security Governance, Technology, Processes and People: Compliance and Organisational Readiness

Pappenheim da Silva, Berta; da Silva, Alonso Jose; Davidsen, Josefine Ehlers

doi:10.1007/978-3-030-11289-9_4

Berta Pappenheim da Silva¹⁵,
Alonso Jose da Silva II¹⁵ &
Josefine Ehlers Davidsen¹⁵

Part of the book series: Advanced Sciences and Technologies for Security Applications ((ASTSA))

1850 Accesses
2 Citations

Abstract

Compliance and an increasing level of cyber maturity form crucial part of corporate defence systems and are the basis of any well-functioning cyber security programme. As the scope of compliance widens with the maturity of the organisation, the human element needs to be addressed as well. Cyber maturity assessments, red teaming and capture the flag exercises help simulate the threat vectors tactics, tools and procedures, give defenders an insight into the enemy motives and help mitigate technical exposure. However, most of these exercises are being delivered with an exclusive aim to achieve technical learning and address incidents on a technical vulnerability level. This chapter looks at how can organisations – having achieved the necessary compliance and governance standards – understand and address human behaviour as cyber security threat. These can be team member’s individual blind-spots and glitches in high-risk team dynamics, which are, if ineffective, are considered system vulnerabilities. When these risk behaviours have been identified and addressed with targeted interventions and training, organisations will be able to mitigate the human risk directly, just as they would patch their on-line systems or scan their networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 119.00; Price excludes VAT (USA)

Hardcover Book: USD 159.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Aiken M (2016) The cyber effect. Spiegel & Grau, New York
Google Scholar
Bank of England stages day of war games to combat cyber-attacks (2018) The Guardian. (Online). Available at https://www.theguardian.com/business/2018/nov/09/bank-of-england-stages-war-games-combat-cyber-attacks-data-breaches. Accessed 11 Nov 2018
Cyber Exercise Playbook (2014) The Mitre Corporation. (Online). Available at: https://www.pdffiller.com/211594986-pr_14-3929-cyber-exercise-playbookpdf-Cyber-Exercise-Playbook-Mitre-Corporation-mitre-Various-Fillable-Forms. Accessed 31 Oct 2018
Cyber Storm Final Report (2016) US Homeland Security. (Online). Available at https://www.dhs.gov/publication/cyber-storm-final-reports. Accessed 06 Nov 2018
Deloitte’s GDPR Benchmarking Survey (2018) Deloitte. [Online]. Available at https://www2.deloitte.com/global/en/pages/risk/articles/deloitte-gdpr-benchmarking-survey-the-time-is-now.html. Accessed 07 Nov 2018
IT Glossary. Gartner. (Online). Available at https://blogs.gartner.com/it-glossary/identity-and-access-management-iam/. Accessed 07 Nov 2018
Minimum Cyber Security Standard (2018) UK Government. [Online]. Available at https://www.gov.uk/government/publications/the-minimum-cyber-security-standard. Accessed 07 Nov 2018
MOD (2010) The development, concepts and doctrine centre (DCDC), Red teaming guide, 2010 Accessed https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/142533/20130301_red_teaming_ed2.pdf
NIST 800-53 vs ISO 27002 vs NIST Cybersecurity Framework? (2018) Complianceforge. [Online]. Available at https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002.html. Accessed 07 Nov 2018
The Global State of Information Security® Survey (2018). PWC (Online). Available at https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey.html. Accessed 31 Oct 2018

Download references

Author information

Authors and Affiliations

The CyberFish Cyberpsychology Solutions, London, UK
Berta Pappenheim da Silva, Alonso Jose da Silva II & Josefine Ehlers Davidsen

Authors

Berta Pappenheim da Silva
View author publications
You can also search for this author in PubMed Google Scholar
Alonso Jose da Silva II
View author publications
You can also search for this author in PubMed Google Scholar
Josefine Ehlers Davidsen
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Berta Pappenheim da Silva .

Editor information

Editors and Affiliations

London Campus, Northumbria University, London, UK
Hamid Jahankhani
London Campus, Northumbria University, London, UK
Stefan Kendzierskyj
London Campus, Northumbria University, London, UK
Arshad Jamal
University of Wolverhampton, Wolverhampton, UK
Gregory Epiphaniou
University of Wolverhampton, Wolverhampton, UK
Haider Al-Khateeb

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Pappenheim da Silva, B., da Silva, A.J., Davidsen, J.E. (2019). Information Security Governance, Technology, Processes and People: Compliance and Organisational Readiness. In: Jahankhani, H., Kendzierskyj, S., Jamal, A., Epiphaniou, G., Al-Khateeb, H. (eds) Blockchain and Clinical Trial. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-11289-9_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-11289-9_4
Published: 09 April 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11288-2
Online ISBN: 978-3-030-11289-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics