Title

In a "trusting" environment, everyone is responsible for information security

Document Type

Journal Article

Publisher

Elsevier

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

6004

Comments

This article was originally published as: Williams, P. (2008). In a "trusting" environment, everyone is responsible for information security. Information Security Technical Report. Volume 13, Issue 4, November 2008, Pages 207-215. Original article available here

Abstract

Information security is important in any organisation and particularly where personal and medical information is routinely recorded. Further, where the organisational culture revolves around trust, as in the medical environment, insider threats, both malicious and non-malicious, are difficult to manage. International research has shown that changing security culture and increasing awareness is necessary as technical resolutions are not sufficient to control insider threats. This area of information security is both important and topical in view of the recently publicised breaches of patient health information. Ensuring that all staff assumes responsibility for information security, particularly as part of an information security governance framework, is one practical solution to the problem of insider threats.

 

Link to publisher version (DOI)

10.1016/j.istr.2008.10.009