
Social Engineering, Information Risk and Security

NEW
Hacking the Human
Social Engineering Techniques and Security Countermeasures
Ian Mann
• Provides an understanding of the risk that organizations face from social engineering
• Offers examples, research and practical solutions that will enable a company to develop a training and security strategy based on these risks
• Examines the limitations of current security thinking, and gives the countermeasures that are available
Information security is about people, yet in most organizations protection remains focused on technical countermeasures. The human element is crucial in the majority of successful attacks on systems, and attackers are rarely required to find technical vulnerabilities; hacking the human is usually sufficient.
Ian Mann turns the black art of social engineering into an information security risk that can be understood, measured and managed effectively. The text highlights the main sources of risk from social engineering and draws on psychological models to explain the basis for human vulnerabilities. Chapters on vulnerability mapping, developing a range of protection systems and awareness training provide a practical and authoritative guide to the risks and countermeasures that are available.

There is a singular lack of useful information for security and IT professionals regarding the human vulnerabilities that social engineering attacks tend to exploit. Ian Mann provides a rich mix of examples, applied research and practical solutions that will enable you to assess the level of risk in your organization; measure the strength of your current security and enhance your training and systemic countermeasures accordingly. If you are responsible for physical or information security or the protection of your business and employees from significant risk, then Hacking the Human is a must-read.

This title is also available as an e-book.

Hardback 266 Pages November 2008
978-0-566-08773-8 £60.00
e-ISBN: 978-0-7546-9351-2

About the Author:
Ian Mann is Senior System Consultant with ECSC Ltd (www.ecsc.co.uk) a specialist information security consultancy. Ian has worked with a wide range of companies, including a number of leading financial institutions, to help them understand the risk from attacks by social engineers, and to develop effective countermeasures. He is also known for his presentations on the subject.

Contents:
Introduction
Part One The Risks: What is social engineering?; Understanding your risks; People, your weakest link; Limitations to current security thinking.
Part Two Understanding Human Vulnerabilities: Trust me; Reading a person; Subconscious mind; Parent, Adult, Child.
Part Three Countermeasures: Vulnerability mapping; Protection systems; Awareness and Training; Testing.
Index.

For more information including full contents, chapter downloads and a 10% discount visit our website www.gowerpublishing.com


Digital Identity Management
Technological, Business and Social Implications
Edited by David Birch
For almost every organization in the future, both public and private sector,
identity management presents both significant opportunities and risks.
Successfully managed, it will allow everyone to access products and services
that are tailored to their needs and their behaviours. But successful
management implies that organizations will have overcome the significant
obstacles of security, individual human rights and social concern that could
cause the whole process to become mired.
Digital Identity Management, based on the work of the annual Digital Identity
Forum in London, provides a wide perspective on the subject and explores the
current technology available for identity management, its applications within
business, and its significance in wider debates about identity, society and the law. This is an essential
introduction for organizations seeking to use identity to get closer to customers; for those in government
at all levels wrestling with online delivery of targeted services; as well as those concerned with the wider
issues of identity, rights, the law, and the potential risks.
About the Editor: David G.W. Birch is a Director of Consult Hyperion, the IT management consultancy that specialises
in electronic transactions, which he helped found after several years working as a consultant in Europe, the Far East
and North America. A physicist by training, David has lectured on the impact of new communications technologies to
MBA level. He has written for publications ranging from The Guardian to the Parliamentary IT Review and is a media
commentator on electronic business, having appeared on BBC TV and radio, CNN and CNBC amongst others.

Hardback 280 Pages 2007


978-0-566-08679-3 £60.00

Information Risk and Security


Preventing and Investigating Workplace Computer Crime
Edward Wilding
‘In this tour de force of a publication, Edward Wilding guides readers through a
maze of issues and solutions with clarity and conviction. The book is a
‘must read’ for every CIO.’ – Information Security Specialist Group Magazine
Information Risk and Security explains the complex and diverse sources of
risk for any organization and provides clear guidance and strategies to address
these threats before they happen, and to investigate them, if and when they do.
Edward Wilding focuses particularly on internal IT risk, workplace crime, and
the preservation of evidence, because it is these areas that are generally
so mismanaged.
The author’s clear and informative style mixes numerous case studies with practical, down-to-earth and
easily implemented advice to help everyone with responsibility for this threat to manage it effectively.
This is an essential guide for risk and security managers, computer auditors, investigators, IT managers,
line managers and non-technical experts; all those who need to understand the threat to workplace
computers and information systems.
About the Author: Edward Wilding has investigated several hundred cases of computer fraud and misuse in many
jurisdictions. His previous book, Computer Evidence: A Forensic Investigations Handbook (Sweet and Maxwell 1996) was
one of the first to discuss computer forensic investigations. He has also served as an expert witness in civil and criminal
cases, tribunals and official hearings, including the Hutton Inquiry. In 2002, he co-founded Data Genetics International
(DGI), specializing in computer crime investigation, incident response and forensic evidence.

Hardback 364 Pages 2006


978-0-566-08685-4 £80.00



Information Security and Employee Behaviour
How to Reduce Risk Through Employee Education, Training and Awareness
Angus McIlwraith
‘...It is a worthwhile reading book and a must for every business library.’
– Educational Book Review, India
Angus McIlwraith’s book explains how corporate culture affects perceptions of risk
and information security, and how this in turn affects employee behaviour. He then
provides a very pragmatic solution involving strategies and techniques for
educating and training employees in information security and explains how
different metrics can be used to assess awareness and behaviour.
Hardback 176 Pages 2006
978-0-566-08647-2 e-ISBN 978-0-7546-8301-8 £60.00

Many of our books are now available in eBook format: see our website www.gowerpublishing.com/ebooks
Order form
Return to: Gower Publishing Direct Sales, Bookpoint Ltd, 130 Milton Park, Abingdon, Oxon, OX14 4SB; Tel: +44 (0)1235 827730; Fax: +44 (0)1235 400454; E-mail: gower@bookpoint.co.uk; Order online at www.gowerpublishing.com to receive a 10% discount (Excludes eBooks)
QTY TITLE ISBN PRICE
__ Hacking the Human 978-0-566-08773-8 £55.00
__ Digital Identity Management 978-0-566-08679-3 £65.00
__ Information Risk and Security 978-0-566-08685-4 £80.00
__ Information Security and Employee Behaviour 978-0-566-08647-2 £60.00
Sub Total ________
P&P: £3.95 (UK) / £7.50 (ROW) ________
Total ________
Please quote order reference G8AUM

[ ] I enclose a cheque for £__________ made payable to Bookpoint Ltd
[ ] Please invoice me / my organization
[ ] Please charge £__________ to my Mastercard/American Express/Visa* *Circle which applies
Card No: __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ Expiry Date: __ __ / __ __
If you are using your personal credit card to order, please ensure you include details of your registered
card address if it differs from that given below.
Address details (BLOCK CAPITALS PLEASE)
Name _________________________________________ Job Title ____________________________
Organization ________________________________________________________________________
Address ____________________________________________________________________________
___________________________________________________________________________________
Post/Zipcode _ __________________________________ Country ____________________________
Telephone______________________________________ E-mail ______________________________

Signature ______________________________________ Date_______________________________


If outside the UK but within the European Union please write your company
VAT/IVA code here______________________________________________________
Price valid until 30th June 2009. We endeavour to despatch all orders within 5 working days. If a title is not
available, your order will be recorded and despatched as soon as possible.

MONEY BACK GUARANTEE: Gower has no hesitation in offering this publication on 14 days’ approval. If you are
not completely satisfied, return the book/s to us in good condition and we will cancel your invoice.
Gower Publishing, or other organizations, may mail or email offers reflecting your preferences.
G8AUM 11/08
Tick if you do not want offers from Gower [ ] or from other organizations [ ]
