Information Security across the World

My postings have been thin over the last few weeks as I’ve been busy travelling, researching and writing. The highlight was a visit to Switzerland to give presentations to institutes in Zurich and Geneva, a thoroughly enjoyable experience. It’s been a few years since I last visited Switzerland, so I was interested to experience the latest views and perspectives of the local security professionals.

I was impressed by the Swiss appreciation of the human factor in information security. They have a very good grasp of the nuances of organisation culture and the techniques required to change user awareness and behaviour. And it’s also reflected in university teaching and research.

This might of course be expected in a country that successfully combines contrasting cultures, languages and politics. But it’s not what we generally find in the USA, which has a stronger focus on security technology, often at the expense of the softer skills.

The UK is different again, with more emphasis on policies and processes, perhaps reflecting its claims to fame as the birthplace of ISO standards for quality and security. The ideal would be to combine these skills. But the blend is changing. Once we move into clouds, the balance will favour the softer side of security. Continental Europe is better prepared for that. But, unfortunately, so are our enemies. 

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

This is indeed an important concept that has to be acquired by all "international" security professionals. Before being CSO in Switzerland, I was CSO in France and also managed IT security for a Texas based company. All those different cultures need different approaches. US and UK companies are quite pragmatic and want fast results, sometimes at the expense of mistakes. French companies (at least the one I was working for) was interesting for a CSO because of the strength of its trade unions, and required diplomatic skills not to block any technical innovation that may bother unions. In Switzerland, as you say, people are more aware that technology is not the only concern, and that each indovidual action can lead to success or failure. And indeed that's the way swiss citizens daily lives are organized, daily : it's a federation of states, each citizen is involved in mostly all local and global political decisions, and so on... That helps a lot for a CSO, since they feel responsible for their actions. Being able to manage different cultures is a challenge, but really interesting experience ! By the way, thanks for writing such an excellent book about human factor, I quote it often.