Information Security Governance, Technology, Processes and People: Compliance and Organisational Readiness

  • Berta Pappenheim da Silva
  • Alonso Jose da Silva II
  • Josefine Ehlers Davidsen
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Compliance and an increasing level of cyber maturity form a crucial part of corporate defence systems and are the basis of any well-functioning cyber security programme. As the scope of compliance widens with the maturity of the organisation, the human element needs to be addressed as well. Cyber maturity assessments, red teaming and capture-the-flag exercises help simulate the threat vectors, tactics, tools and procedures of attackers, give defenders an insight into the enemy's motives and help mitigate technical exposure. However, most of these exercises are delivered with the exclusive aim of achieving technical learning and addressing incidents at the level of technical vulnerabilities. This chapter looks at how organisations – having achieved the necessary compliance and governance standards – can understand and address human behaviour as a cyber security threat. These can be team members' individual blind spots and glitches in high-risk team dynamics, which, if ineffective, are considered system vulnerabilities. When these risk behaviours have been identified and addressed with targeted interventions and training, organisations will be able to mitigate the human risk directly, just as they would patch their online systems or scan their networks.


Keywords: Corporate defence systems · Cyber resilience · Electronic patient health information · Red teaming · Risk behaviours · PHI · Cyber maturity assessment · NIST · GDPR · Cyber-attack · Cyber Range · Wargaming · Cyberpsychology

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Berta Pappenheim da Silva (1)
  • Alonso Jose da Silva II (1)
  • Josefine Ehlers Davidsen (1)
  1. The CyberFish Cyberpsychology Solutions, London, UK