Wednesday, 11 September 2013

Interesting quote from 2013 Information Security Breaches Survey

David Willetts introduced the Survey at the InfoSec Europe 2013 conference. It contains an interesting quote: “93% of companies where the security policy was poorly understood had staff-related breaches versus 47% where the policy was well understood”.

This statistic is widely used to support IS awareness campaigns, but it raises a question. How do you ensure security policy is well understood, especially in a devolved organisation like the University of Oxford?

1 comment:

ET said...

I feel that there are two elements here.

1. An acknowledgement that there is a policy that applies to all staff and students; and

2. It's there for a reason - to protect individuals as well as the larger organisation.

Once people have been encouraged to think about these two things, it should be easier to educate people. However, the leaders need to emphasise the benefits to the whole of the organisation, including staff and students, not just to its administration.