Human factors in information security
by Dr Gary Hinson PhD MBA CISSP
Updated January 2014
This white paper lays out the case for managing the human side of information security every bit as carefully as the technical side. It is our contention that, while they are undoubtedly required, technological controls alone simply cannot deliver information security in practice. Furthermore, done well,
security awareness is the most cost-effective form of information security control.