Below is a selection of books written by authors who specialise in the human aspect of cybersecurity. Some are progressive in their approach. Others, less so.
However, each book has some real gems, and all provide incredible insights into the range of views, ideas and challenges in the field.
Recommended reading for anyone who wants to specialise in this field or deepen their expertise.
Social Engineering: The Science of Human Hacking
This book reveals the craftier side of the hacker’s repertoire―why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces.
You Can Stop Stupid – Stopping Losses from Accidental and Malicious Actions
Ira Winkler & Dr Tracy Celaya Brown
Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, Ira Winkler and Dr. Tracy Celaya’s You CAN Stop Stupid provides a methodology to analyze potential losses and determine appropriate countermeasures to implement.
Security Culture – A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation
Hilary Walton combines her research and her unique work portfolio to provide proven security culture strategies with practical advice on their implementation. And she does so across the board: from management buy-in, employee development and motivation, right through to effective metrics for security culture activities.
People-Centric Security: Transforming Your Enterprise Security Culture
This book addresses the urgent need for change at the intersection of people and security. Essentially a complete security culture toolkit, this comprehensive resource provides you with a blueprint for assessing, designing, building, and maintaining human firewalls.
Security Awareness Program Builder
This book defines a common framework for building a broad awareness program using the Train, Reinforce, Assess and Manage (TRAM) model. It includes specific advice and examples for activities across the TRAM functions. This book is filled with examples of deliverables an awareness professional can leverage in their program.
Building a Cybersecurity Culture: A Strategic Guide to Protecting Your Business
This essential resource begins with a call to empowerment, encouraging you to embrace a security-first mindset that will permeate your organisation. Within these pages, you will explore the complex landscape of global security challenges and gain valuable insights into the psychology that drives security awareness and behaviour. This book addresses the ‘why’ and equips you with the ‘how’.
Security Awareness For Dummies
Written by one of the world’s most influential security professionals—and an Information Systems Security Association Hall of Famer—this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management.
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer
In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists, deliver experience-driven, actionable insights into how to transform your organization’s security culture and reduce human risk at every level.
The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security
Drawing from her experience as CMO of one of the world’s largest cybersecurity companies, author Allison Cerra incorporates straightforward assessments, adaptable action plans, and many current examples to provide practical recommendations for cybersecurity policies.
The Weakest Link: How to Diagnose, Detect, and Defend Users from Phishing
Cybersecurity expert Arun Vishwanath offers a new, evidence-based approach for detecting and defending against phishing, an approach that doesn’t rely on continual training and retraining but provides a way to diagnose user vulnerability.
Vishwanath explains how organizations can build a culture of cyber safety. He presents a Cyber Risk Survey (CRS) to help managers understand which users are at risk and why.
Cybersecurity ABCs: Delivering awareness, behaviours and culture change
Jessica Barker, Adrian Davis, Bruce Hallas & Ciaran Mc Mahon
Cybersecurity ABCs, by Dr. Jessica Barker, Adrian Davis, Bruce Hallas & Ciaran Mc Mahon, presents a practical, engaging guide to fostering security-conscious behaviors across all levels of an organization. Through clear, accessible advice, it helps leaders deliver effective cybersecurity strategies focused on changing human behavior to enhance overall security resilience.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
Transformational Security Awareness, by Perry Carpenter, combines neuroscience and storytelling to revolutionize how organizations approach security awareness. This book offers a compelling framework for creating security programs that go beyond traditional methods, leveraging the power of human psychology to foster lasting behavior change and a deeper understanding of security risks.
The Psychology of Information Security
The Psychology of Information Security, by Leron Zinatullin, explores the human aspects of cybersecurity, offering strategies to align security measures with the way people think and behave. Drawing on psychological principles, the book provides actionable insights on how to design security programs that not only protect systems but also resonate with users, minimizing friction and maximizing adoption. Through a mix of theory and practical advice, it helps organizations foster a security-conscious culture.
Humans and Cyber Security: How Organisations Can Enhance Resilience Through Human Factors
Humans and Cyber Security: How Organisations Can Enhance Resilience Through Human Factors, by Amanda Widdowson, examines the role of human factors in cyber security, shifting the focus from individual errors to organizational root causes. The book explores why undesirable security behaviors occur and how to mitigate them by improving organizational practices rather than attempting to change individual behavior. It introduces behavioral models, discusses individual and organizational vulnerabilities, and provides practical strategies for reducing human-related cyber risks.