  • Slides: 19
Information Security – Is it important? Lizzie Coles-Kemp Information Security Group

Culture

Towards a Culture of Security
  • OECD (Organisation for Overseas Economic Co-Operation and Development)
  • 2002: OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
  • Introduced 9 principles

Nine Principles
  • Awareness
  • Responsibility
  • Response
  • Ethics
  • Democracy
  • Risk assessment
  • Security design and implementation
  • Security management
  • Re-assessment

“Compliance alone does not in itself imply an acceptable level of security.” [McCulloch, I., Armstrong, A., and Johnson, A. 2013]

“Humans are fallible and errors are to be expected, even in the best organisations” [Reason, J, 2000]

‘Security from what? Security by whom? Security achieved through which means?’ [Liotta, 2002: 474–475]

“Employees, however, seldom comply with these IS security procedures and techniques, placing the organizations’ assets and business in danger” [Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J., 2005]

http://www.opte.org/maps/

https://engineering.purdue.edu/ECN/AboutUs/NetMaps/2004/PrintableMap.pdf

Uta Eisenreich, Network/Teamwork sociogram 2002

“The Security Debate: Attack, Parry and Riposte” – [Hoogensen, G., Vigeland Rottem, S. 2004]

People-Centered Security
  • Security is a relational concept
  • Ask the individual about their security needs
  • Talk with individuals to explore security needs and wants
  • Listen to security anxieties in the context of values and beliefs - needs differ

‘making each secure in the other’ (McSweeney, 1999: 14–15)

Nine Principles
  • Awareness
  • Responsibility
  • Response
  • Ethics
  • Democracy
  • Risk assessment
  • Security design and implementation
  • Security management
  • Re-assessment

Culture
