Achieving a security culture change

The latest reported loss of 84,000 unencrypted confidential Home Office records by PA Consulting illustrates the massive challenge of eradicating bad security practices across Whitehall. Massive publicity and waves of security reviews have clearly not made sufficient impact on day-to-day operations.

We need to take a whole new approach to security culture. It can be done. But not by diktat. It requires a more emotional engagement with people and a major programme of change. It also requires that security education and oversight extend as far as the risks extend, in this case to contractors.

Watch out for an article by me on organisational culture change in September’s Infosec magazine.

Postscript – Infosec magazine now tell me that this feature has been held over until October. You’ll have to wait a little longer.