Information Security – Is it important? Lizzie Coles-Kemp Information Security Group.
Towards a Culture Of Security
• OECD (Organisation for Overseas Economic Co-Operation and Development)
• 2002: OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
• Introduced 9 principles
Nine Principles
• Awareness
• Responsibility
• Response
• Ethics
• Democracy
• Risk assessment
• Security design and implementation
• Security management
• Re-assessment
“Compliance alone does not in itself imply an acceptable level of security.” [McCulloch, I., Armstrong, A., and Johnson, A. 2013]
“Humans are fallible and errors are to be expected, even in the best organisations” [Reason, J, 2000]
“Security from what? Security by whom? Security achieved through which means?” [Liotta, 2002: 474–475]
“Employees, however, seldom comply with these IS security procedures and techniques, placing the organizations’ assets and business in danger” [Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J., 2005]
People-Centered Security
• Security is a relational concept
• Ask the individual about their security needs
• Talk with individuals to explore security needs and wants
• Listen to security anxieties in the context of values and beliefs - needs differ