Recent revelations and those yet to come, including from the private sector, threaten untold damage to trust in the on-line world. The time has come to transform attitudes towards information risk management.
Tomorrow sees the next EURIM Transformational Government Dialogue, this time on “the Democratisation of Delivery” – with witnesses from “Patient Opinion”, “Love Lewisham” and “Tidy Oldham” describing what happens when organisations really do listen to their “customers” and front line staff – as opposed to pretending to do so. The approach raises many issues and challenges.
The first “dialogue” juxtaposed inputs from Sir David Varney with those from benefits recipients and intermediaries. The second, on delivery partnerships, was just as illuminating. This third, like the first, will juxtapose the experience of those seeking to transform services at the operational level with comment from those with the challenge of enabling change at the top: John Suffolk, as government CIO, will be the other contributor.
The tasks at both top and bottom will be considerably less difficult if IT and Information Security professionals use the events of the past few weeks positively – not just to whinge over what has happened but to begin the process of rebuilding trust around security policies and systems that meet business needs and are usable by human beings.
Perhaps one of the key lessons of the past few days is that security policies that are kept secret are worthless. All staff – at all levels (from Director to help-desk operator) – need to know what the policy means to them – and why their role matters. Some of the most secure organisations also make relevant parts of the training material (sometimes costing as little as 30p per head if built into the on-line access system) available to the families of their staff and/or to customers – so that they can protect themselves and their children on-line.
And the revelation that 30% of leaks begin with the IT personnel compared to 22% with customer service and only 15% with third parties should say something about our order of priorities.