In a "trusting" environment, everyone is responsible for information security
Document Type
Journal Article
Publisher
Elsevier
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
6004
Abstract
Information security is important in any organisation and particularly where personal and medical information is routinely recorded. Further, where the organisational culture revolves around trust, as in the medical environment, insider threats, both malicious and non-malicious, are difficult to manage. International research has shown that changing security culture and increasing awareness is necessary as technical resolutions are not sufficient to control insider threats. This area of information security is both important and topical in view of the recently publicised breaches of patient health information. Ensuring that all staff assumes responsibility for information security, particularly as part of an information security governance framework, is one practical solution to the problem of insider threats.
DOI
10.1016/j.istr.2008.10.009
Comments
Williams, P. (2008). In a "trusting" environment, everyone is responsible for information security. Information Security Technical Report. Volume 13, Issue 4, November 2008, Pages 207-215. Available here