What do information security and the art of war have in common? The answer, this book argues, is a great deal. Although the authors have an expert technical knowledge of information security, they strongly believe that technical and procedural measures cannot offer a solution on their own. Information security is not painting by numbers. You can tick all the right boxes and acquire the latest technology, and you may fail all the same. This is because information security is ultimately a human problem, not a technical one. In the end, the threats to your information security come from human beings, not from machines. Although one problem you will face is simple human error, the major threat to your business information is from the criminal. Cybercrime is on the move. It is in a state of constant evolution, capable of adapting both to developments in technology and to whatever security measures its targets have already put in place. It will seek out your weak points in order to exploit them for its own advantage. However, although the people who want to harm your business will try to take you by surprise, they are also bound to have weaknesses of their own. Because the activity of the cybercriminal is both deliberate and hostile, they can be compared to a military adversary. So if you want to defend yourself from cybercrime you can learn from military strategy. Fighting cybercrime is about more than bureaucracy and compliance. Your company's approach to information security has to be integrated with your overall business goals. The people at the top have to provide leadership, while the people at the bottom need to understand the company's information security policy and be able to show initiative when faced with an unexpected attack. If you want to take active steps to deter the cybercriminal, then this book is for you. It will help you plan the right strategy for defending your business from cybercrime.