As part of a business studies degree I am currently studying for with the Open University here in the UK, I have been researching how the culture of an organisation can affect how it behaves and adapts to the environment in which it exists. These studies have got me thinking about how the culture of an organisation can affect its attitude toward the security of its information.
Studying some of the results of recent surveys concerning information and cyber security, it was found by one of the said surveys that *46% of all security breaches last year were caused by either human error or misuse of systems by staff.
Couldn’t it be reasonably argued these 46% of data breaches are a result of an organisational culture that doesn’t value the security of information? If organisations take information security seriously then they should be ensuring their staff behave in a manner that protects the information of the organisation. They should be ensuring that staff receive adequate information security awareness training and that additional controls are in place to prevent data loss such email classification software. They shouldn’t be leaving human failings to chance!
The only real way for organisations to prove that they take information security seriously is by implementing an Information Security Management System (ISMS) and gaining certification against the International Standard for information security, ISO/IEC 27001:2013.
Don’t let your organisation suffer from an information security ‘anti-culture’, implement an ISO/IEC 27001 ISMS!
*2013 Information Security Breaches Survey by The Department Of Business Information & Skills