This statistic is widely used to support IS awareness campaigns, but it begs a question. How do you ensure security policy is well understood? Especially in a devolved organisation like the University of Oxford?
Wednesday 11 September 2013
Interesting quote from 2013 Information Security Breaches Survey
David Willetts introduced the Survey at the InfoSec Europe 2013 conference, which contains an interesting quote, “93% of companies where the security policy was poorly understood had staff-related breaches versus 47% where the policy was well understood”.
This statistic is widely used to support IS awareness campaigns, but it begs a question. How do you ensure security policy is well understood? Especially in a devolved organisation like the University of Oxford?
This statistic is widely used to support IS awareness campaigns, but it begs a question. How do you ensure security policy is well understood? Especially in a devolved organisation like the University of Oxford?
Subscribe to:
Post Comments (Atom)
1 comment:
I feel that there are two elements here.
1. An acknowlegement that there is a policy that applies to all staff and students and;
2. It's there for a reason - to protect individuals as well as the larger organisation.
Once people have been encouraged to think about these two things, it should be easier to educate people. However the leaders need to emphasise the benefits to the whole of the organisation including staff and students, not just to its administration.
Post a Comment