Information Security is not just about IT
Information security is not perfect. You can tick all the right boxes and acquire the latest technology, but may still fall prey to cyber criminals. This is because information security is not just about IT. In the end, the threats to cyber security comes from human beings as much as from technology. To defend against the wide range of cyber crime vectors requires a multi-faceted, coordinated approach. And that means that senior staff need to understand the nature of the threats.

Leadership
Your company's approach to information security has to be integrated with your overall business goals. Directors have to provide leadership that involves an awareness of cyber security, while the staff engaged in fulfilling corporate objectives on the ground need to understand the company's information security policy and be able to show initiative when faced with an unexpected attack. In short, everyone in the organisation needs to understand the cyber security strategy.

Cybercrime…cyberwar?
Although the people who want to harm your business will try to take you by surprise, they are also bound to have weaknesses of their own. Because the activity of the cybercriminal is both deliberate and hostile, they can be compared to a military adversary. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. With this in mind, the authors of this book have drawn on the work of Clausewitz and Sun Tzu and applied it tothe understanding of information security they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict

Using the strategies and ideas in this book will enable you to:

• Protect your business information. If you do not carry out proper checks, then something will go badly wrong, and your business will suffer. Use this book to help you understand the best way to implement an information security assessment
• Spend money wisely. Information security is not just about having the right equipment. Before you go spending money on fancy gadgets and expensive software, you need to understand what your priorities are, and work out which security measures will be the most effective in protecting your business information.
• Learn to adapt. The reality is that your business information is not stored in a fixed, fortified place like a castle. Your employees could be blackmailed or bribed, or their company laptops may be hacked into or stolen when they are travelling abroad. So, to protect your company's business information, you must avoid a fortress mentality and be capable of adapting to an ever-changing environment.
• Prepare to fight back. Defending your company from malicious hackers, or corruptemployees, is not just a matter of putting appropriate security structures in place. Criminals go for soft targets, but, if they know your company is ready to fight back, they will be deterred from attacking it.

Discover how you can apply ideas from military strategy to create an effective cyber security culture in your organisation