Organizations typically respond to information breaches by implementing policies to regulate and control employee actions, particularly around the usage of information technology. However, there’s limited evidence indicating these policies effectively curb information loss or confidentiality breaches. This article delves into potential reasons for this ineffectiveness and reports on a survey conducted within a UK National Health Service health board. The argument presented suggests that a holistic view of the entire system, rather than a narrow focus on individual actors, is necessary for effective security management. The survey findings illustrate how organizational pressures and policy restrictions often corner staff, sometimes leading them to break rules in order to perform their jobs. An additional list of resources is included as a web extra.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....