Cybersecurity ABCs

Delivering awareness, behaviours and culture change

By (author) Jessica Barker, Adrian Davis, Bruce Hallas, Ciarán Mc Mahon

Publication date: 15 Feb 2021

Cybersecurity issues, problems and incidents don’t always relate to technological faults. Many can be avoided or mitigated through improved cybersecurity awareness (A), behaviour (B) and culture change (C). These ABCs are key components of the overall security maturity of an organisation. This book is a practical guide to the Cybersecurity ABCs, for business and IT leaders looking to enhance security culture in their organisations by improving understanding and practice of cybersecurity at an individual level. Crucial awareness, behaviour and culture concepts are covered from the ground up alongside practical tips and examples, providing a key resource for those looking to create lasting cybersecurity awareness, behavioural and culture change initiatives.

Jessica Barker is Co-Founder of Cygenta, Chair of ClubCISO, bestselling author and award-winning cybersecurity professional. Adrian Davis is a consulting COO & CIO, as well as a Visiting Professor in Cybersecurity for University of Sunderland. Bruce Hallas is the Founder at the Re-thinking the Human Factor initiative, and creator of SABC® the Security Awareness, Behaviour & Culture Framework. Ciarán Mc Mahon is a director of the Institute of Cyber Security and an award-winning academic psychologist.

Dimensions: 244x170mm

Print ISBN-13: 9781780174242

Ebook ISBN-13: 9781780174266

146 pages

Imprint: BCS, The Chartered Institute for IT

  1. Introduction
  2. Understanding Cybersecurity Awareness
  3. Building Cybersecurity Awareness
  4. Understanding Cybersecurity Behaviour
  5. Changing Cybersecurity Behaviour
  6. Understanding Cybersecurity Culture
  7. Creating and Changing Culture
  8. Where Next?

'Provides a fresh and innovative approach to designing and implementing your cybersecurity awareness program. Unlike the majority of books on the subject, the language is easy to digest and the techniques human-focused. I would recommend this book to anyone involved in information security looking to engage the wider organisation and improve cybersecurity awareness.'

Helen Mary Jones CITP CISSP
Group Information Security Manager, The Jockey Club

'A must read for all CISOs and Cybersecurity leaders who want to include people into their cybersecurity strategy. This book has made me realize that our traditional methods to Cybersecurity Awareness, Behavior and Culture have needed a substantial modern approach to empowering people into being a strong link in cybersecurity.'

Joseph Carson CISSP
Chief Security Scientist & Advisory CISO, Thycotic

'A book about information security awareness, behaviors and cultures, by people who live and breathe all three. CYBER SECURITY ABCs explores new depths, debunks myths, answers questions and shines a light on what it means to truly address the all-important human-related elements of modern security. The perfect guide for any security leader looking to make their people their strongest security asset.'

Michael Hill
Editor, Infosecurity Magazine

'An excellent read, and essential for cybersecurity leaders at all levels. This book provides not only easy to understand language, but ‘lived’ experiences, techniques and considerations to improve Awareness, Behaviour and Culture within an organisation. It provides a holistic approach, starting with examining the behaviour of the cybersecurity professional, before dealing with wider organisational change. As this is the only resource I have seen to offer practical Awareness solutions, it also makes it the missing piece from most major, industry-leading certifications.'

Gary Cocklin CITP CISSP
Senior Cyber Security Instructor, UK Royal Air Force (RAF)

'This book does what every great business book does – it makes you think (differently, laterally, objectively), and helps develop those thoughts into structure. It doesn’t provide an ordered checklist, but rather, architects a challenge or puzzle for each reader to solve. All of the clues, tools and techniques are laid out by the authors for each of us to successfully build a solution that is a right fit for our working environment.'

Richard Nealon
Trustee of The SABSA Institute

'The perfect read for anyone looking to develop their understanding of the human side of cybersecurity. Trying to create meaningful awareness and driving positive changes in behavior for those who don’t live and breathe cybersecurity is a huge challenge that every organization faces. While there is no magic switch to create a positive cybersecurity culture, using this book as a tool will certainly provide you with the best knowledge, practical tips and insights to help you change the direction of your journey today.'

Joe Pettit
Director, Bora

'Cybersecurity and Psychology make great bedfellows. Digging into awareness, behaviour and culture, the authors address the underlying 'why' that is key to engagement and empowering employees. A pragmatism gained in the field is evident throughout the book making Cybersecurity ABCs a comprehensive manual for the industry professional, that is rich in research and practical advice.'

Andrea Manning
Founder & CEO, CyberPie

'This deeply-researched discussion of the human side of cybersecurity presents clear and actionable guidance on building a robust security programme that gives employees the knowledge and tools to be the first and best line of defence against cyber threats. The authors draw from their extensive professional experience and academic research to explain techniques for raising awareness, encouraging positive behaviours, and building a corporate culture in which protecting against cyber threats becomes as easy and as natural for the entire workforce as reciting the ABCs. I highly recommend it for anyone with an interest in cybersecurity.'

Donald Edwards, CISSP
Director of Network Security, Salesforce

'Cybersecurity ABCs sparked so many creative ideas for my role in Awareness & Training, I had to stop reading to go chat to my team about the suggested actions in how to make our awareness program & security culture at HPE more effective and mature.'

Joanne O'Connor
Cyber Security Training Program Manager, HPE

'This book is extremely important because we tend to focus too much on technology. But as we have seen, a lot of security incidents are not prevented by technology but through Awareness, Behaviour and Culture. What is also really uplifting is to read a book which is not designed for technical people but instead empowers everyday IT-users to help build security and take part in the day to day IT-security work.'

David Jacoby
Senior Security Researcher, Kaspersky

'The authors have done a good job explaining some of the myths and challenges surrounding “security awareness training” programs. Showing people the WHY of doing something and providing them nudges where we can is important to gaining adoption.'

Ken Underhill
Executive Producer & Host, Cyber Life