0:00
I'm James Bor. I'm a chartered security professional and consultant in information and cybersecurity. I'm going to be talking about information security and organizational culture today. This will look at the relationship between corporate culture and security and how incidents can affect operations, reputation and legal compliance.
0:24
There's a few definitions I want to get out of the way because they'll be useful in the discussion later. Firstly, an agent refers to any entity capable of acting with some degree of autonomy. That's to cause or prevent change. It doesn't matter whether that's human, organizational or technological. In security, generally we are talking about humans being agents. It's very rare we have a non-human entity with agency involved. Harms refer to negative impacts on people. This may be directly through personal harm or indirectly through systemic harm. This could be harms enabled through systems such as organizations, as well as reputational, environmental and other impacts. Risk is the combination of the likelihood of a harm occurring and the severity of its consequences. That's one definition. There are others as well. But I'm keeping this simple. Most common expression is likelihood multiplied by impact. Other models may include concepts such as proximity, exposure and uncertainty. A domain is a defined area of knowledge and within security common domains include physical, personnel, cyber, information and others. There are other domains which are less commonly considered by traditional security but do still fall into the same discipline such as biosecurity, environmental security or even financial security. The same discipline applies. Information is any data which has been given context and it's important to make that distinction. So if data has been given context, it's got meaning. It's got value. It doesn't matter whether it's on paper, stored on a computer, carved into stone or in someone's head. It's still information and it still falls under information security. Security is the discipline of preventing and mitigating harms and it's primarily focused on those caused by an autonomous agent either intentionally, maliciously or through negligence. It's very important to note that it is about harms caused by an agent. It's not about environmental harms, ones which are static. Those are under the discipline of safety rather than security.

Information security and organisational culture: trusted partners and the department of no
