Security controls fail when they conflict with how people actually think and work. The Psychology of Information Security tackles this problem head-on, showing how to design security that aligns with human behaviour rather than fighting it.

Drawing on behavioural science, psychology, economics and real-world security practice, this book explains why well-intentioned controls are often bypassed and how to replace them with solutions that fit real work. It provides clear frameworks, practical examples and actionable recommendations for driving lasting behavioural change, improving compliance and reducing risk without increasing friction.

Written for security leaders, practitioners and risk professionals, the book reframes people not as the weakest link, but as essential defenders. Socio-technical, people-centred and relentlessly practical, it is a playbook for building security programmes that actually work.

“Leron approaches the subject from a psychological angle and will be appealing to both those of a non-technical and a technical background”

Dr David King, Visiting Fellow of Kellogg College, University of Oxford

“This book cuts to the heart of many of the challenges in risk management, providing tips, frameworks and guidance that can be implemented straight away. This is a book full of very practical takeaways.”

Thom Langford, CTO (EMEA), Rapid7

“Based on real world examples this book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research, Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program.”

Daniel Schatz, CISO, QIAGEN

Editorial Reviews