We noted you are experiencing viewing problems
-
Check with your IT department that JWPlatform, JWPlayer and Amazon AWS & CloudFront are not being blocked by your network. The relevant domains are *.jwplatform.com, *.jwpsrv.com, *.jwpcdn.com, jwpltx.com, jwpsrv.a.ssl.fastly.net, *.amazonaws.com and *.cloudfront.net. The relevant ports are 80 and 443.
-
Check the following talk links to see which ones work correctly:
Auto Mode
HTTP Progressive Download Send us your results from the above test links at access@hstalks.com and we will contact you with further advice on troubleshooting your viewing problems. -
No luck yet? More tips for troubleshooting viewing issues
-
Contact HST Support access@hstalks.com
-
Please review our troubleshooting guide for tips and advice on resolving your viewing problems.
-
For additional help, please don't hesitate to contact HST support access@hstalks.com
We hope you have enjoyed this limited-length demo
This is a limited length demo talk; you may
login or
review methods of
obtaining more access.
Printable Handouts
Navigable Slide Index
- Introduction
- Definitions
- What is information security?
- Culture, not technology
- Good culture vs. bad culture
- Culture ≠ compliance
- A day in the life
- Cultural red flags
- Case study
- Uber
- The timeline
- Risk culture
- Outcomes
- Cultural red flags (recap)
- What good looks like
- The protection of information
- Your role
This material is restricted to subscribers.
Topics Covered
- Culture, not technology
- Good culture vs. bad culture
- Culture ≠ compliance
- Cultural red flags
- Case study: Uber
- Risk culture
- What good looks like
- The protection of information in computer systems
- Your role in security context
Talk Citation
Bore, J. (2026, June 30). Information security and organisational culture: trusted partners and the department of no [Video file]. In The Business & Management Collection, Henry Stewart Talks. Retrieved July 1, 2026, from https://doi.org/10.69645/OEMN1061.Export Citation (RIS)
Publication History
- Published on June 30, 2026
Other Talks in the Series: Corporate Culture
Transcript
Please wait while the transcript is being prepared...
0:00
I'm James Bor. I'm a chartered
security professional
and consultant in information
and cybersecurity.
I'm going to be talking about
information security and
organizational culture today.
This will look at
the relationship
between corporate culture and
security and how incidence can
affect operations reputation
and legal compliance.
0:24
There's a few definitions
I want to get
out of the way because they'll
be useful in the
discussion later.
Firstly, an agent refers to
any entity capable of
acting with some
degree of autonomy.
That's to cause or
prevent change.
It doesn't matter whether that's
human, organizational
or technological.
In security, generally we
are talking about
humans being agents.
It's very rare we have
a non human entity
with agency involved.
Harms refer to negative
impacts on people.
This may be directly through
personal harm or indirectly
through systemic harm.
This could be harms
enabled through
systems such as organizations,
well as reputational
environmental and other impacts.
Risk is the combination
of the likelihood of
a harm occurring and the
severity of its consequences.
That's one definition.
There are others as well.
But I'm keeping this simple.
Most common expression is
likelihood multiplied by impact.
Other models may
include concepts
such as proximity,
exposure and uncertainty.
A domain is a defined
area of knowledge and
within security common domains
include physical personnel,
cyber, information and others.
There are other domains which
are less commonly considered by
traditional security
but do still fall into
the same discipline
such as biosecurity,
environmental security or
even financial security.
The same discipline applies.
Information is any
data which has been
given context and it's
important to make
that distinction.
So if data has been
given context,
it's got meaning.
It's got value.
It doesn't matter whether
it's on paper stored on
a computer carved into
stone or in someone's head.
It's still information
and it still
falls under
information security.
Security is the discipline,
of preventing and mitigating
harms and it's
primarily focused on
those caused by an autonomous
agent either intentionally,
maliciously or
through negligence.
It's very important to note that
it is about harms
caused by an agent.
It's not about environmental
harms, ones which are static.
Those are under the discipline
of safety rather than security.