Employee behaviour and information security
March 28th, 2008
The UK office of PricewaterhouseCoopers carried out the 2008 Information Security Breaches Survey (ISBS) on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR). Preliminary findings were issued yesterday. There is really nothing spectacular in them, but once again they reinforce the importance of employees in the implementation of information security policies.
“[...] What companies are realising is that increasing security awareness is only part of the answer. The critical issue is changing the behaviour of their people. [...] Only when behaviour changes do businesses realise the benefits of a security-aware culture.[...]”
Training is crucial:
“[...] To be truly effective, awareness messages need to be personalised and tailored to the audience – staff need ownership, plus what works well for a bank won’t necessarily come across well on the shop floor. Messages also need to be kept up to date, so sharing experience with other organisations is important. [...]”
And its effectiveness depends on management involvement:
“[...] The priority given by senior management makes a difference in the extent to which security awareness is drilled into all areas of the organisation. [...]”
The full results of the survey will be launched at Infosecurity Europe in London, 22-24 April (www.infosec.co.uk).