The psychology of information security

The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour

SKU: 4736
Authors: Leron Zinatullin
Publishers: ITGP
Format: PDF
ISBN13: 9781849287906
Published: 26 Jan 2016
Availability: Available
Format: ePub
ISBN13: 9781849287913
Published: 26 Jan 2016
Availability: Available
Format: Audiobook
ISBN13: 9781787780934

Indispensable guide to help create a robust security culture that will be understood by your staff and the business.

  • Reveals the psychology behind information security to ensure the success of your security programme;
  • Provides advice and tips to mitigate many of the challenges faced in risk management; and 
  • Includes valuable insights and recommendations to improve the culture and find the balance between security and productivity.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on +44 (0)333 800 7000.

Paperback formats are available for all IT Governance Publishing titles on request.
Please contact us for further information: +44 (0)333 666 9000

Price: £12.95

Security programmes cannot succeed without considering people

When implementing security policies, information security professionals are constantly faced with a conflict between the security team and the rest of the business. They must ensure that their organisation is adequately addressing information security risks, whilst also communicating the value of security appropriately.

David Ferbrache, Technical Director at KPMG UK, says “No approach can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organisations, and, most of all, how we can create a security environment which helps people feel free to actually do their job.”

By gaining an understanding of the psychology of information security, you can ensure your security programme is a success.

“Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Master’s in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organization… We want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.”

 -Director of Graduate Studies in Information Security Management, Augusta University

Understand human behaviour and users’ motivations

Based on insights gained from academic research and interviews with security professionals from various sectors, this essential guide explains the importance of careful risk management and reveals how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

The Psychology of Information Security redresses the balance by considering information security from both end users’ and security professionals’ perspectives, and helps you to understand how a security culture that puts risk into context promotes compliance.

Look inside this book


  • Introduction to information security
  • Risk management
  • The complexity of risk management
  • Stakeholders and communication
  • Information security governance
  • Problems with policies
  • How security managers make decisions
  • How users make decisions
  • Security and usability
  • Security culture
  • The psychology of compliance
  • Conclusion – Changing the approach to security
  • Appendix: Analogies

About the author

Leron Zinatullin

Leron Zinatullin is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improving cost performance and supporting business strategy.

He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors.

He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.

Customer Reviews

(4.69) stars out of 5
Number of reviews: 16
1. on 29/12/2022, said:
5 stars out of 5
A really interesting book looking at the behaviours and psychology behind the incidents. It opens your eyes to what causes the incidents and non-conformities, and the methods that can be used to help understanding within people.
2. on 03/05/2019, said:
5 stars out of 5
Great book!
3. on 25/01/2017, said:
5 stars out of 5
Augusta University’s Cyber Institute adopted the book “The Psychology of Information Security” as part of our Master’s in Information Security Management program because we feel that the human factor plays an important role in securing and defending an organization. Understanding behavioral aspects of the human element is important for many information security managerial functions, such as developing security policies and awareness training. Therefore, we want our students to not only understand technical and managerial aspects of security, but psychological aspects as well.
4. on 13/01/2017, said:
4 stars out of 5
A clear, concise text that breaks down information security into manageable chunks, with plenty of food for thought.
5. on 11/02/2016, said:
5 stars out of 5
This book takes some of the most fundamental aspects of information security and provides expert insight and solutions that all businesses can learn from. A lot of people struggle to understand the basic concepts and importance of cyber security to their business, but here we read about real-life scenarios and business advice, in a simple yet effective manner, that everyone can relate to. The book acknowledges the need for people to work together to improve their position and this is exactly what Leron has done to create such a fantastic book. Featuring thoughts and concepts from industry leaders such as Javvad Malik, Thom Langford and Bruce Schneier. I’d highly recommend this book for any CEO or any executive that wants to understand what security means for their business.
6. on 10/02/2016, said:
5 stars out of 5
Leron provides many thought provoking insights on how human behaviour affects risk management. Without understanding the intricacies between these two topics, teams delivering security improvements may not be successful. This is essential reading for anyone seeking to expand their expertise beyond technical risk topics.
7. on 10/02/2016, said:
4 stars out of 5
This is a short and sweet book that you can whizz through in an hour, whether to top up what you know about information security - and security management generally - or to provoke yourself into some thinking.
8. on 09/02/2016, said:
5 stars out of 5
I have grown quite enthusiastic about this work. Clear arguments are provided based on accepted science, with these brought together in a strong case for a new approach to security. As such, the views in this book coincide with the fresh wind also found in accountancy of cooperate governance, focusing on the new trend for leadership within security.
9. on 08/02/2016, said:
5 stars out of 5
I found this book an excellent read. The author combines personal experience, academic research and interviews to provide a different perspective on IT security compliance. The book moves away from the traditional approach of checklists and strict enforcement of compliance to explain the reasons why people choose, or fail, to comply, and proposes some good higher impact solutions based on modifying behaviours.
10. on 05/02/2016, said:
4 stars out of 5
This book is a refreshing take on an old subject; it serves as both a fresh way to look at information security risks in your organisation as well as an introduction to risk management if you have just started in the role. Using a broad range of sources from academic to face to face interviews it cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Zinatullin manages to do this without being patronising or prescriptive, making this book an easy read with some very real practical takeaways.