Isolation versus Collaboration/Co-operation
Improving your Security Culture.
Isolation versus Collaboration/Co-operation is the sixth dimension of our Ruighaver/Maynard security culture model. This dimension addresses underlying beliefs about the nature of human relationships and about how work is most effectively and efficiently accomplished, either by individuals or collaboratively.
It is common knowledge in software engineering that, without user involvement in the design process, acceptance of the resulting information system by the organisation will be minimal. The same is undoubtedly true for security procedures and policies. While organisations often realise that security policies should be created collaboratively, using the input of people from various facets of the organisation to ensure their comprehensiveness and acceptance, the cost of this approach seems to be a major obstacle.
Organisations also tend to ignore that principle in the day-to-day management of security. We have been surprised how often we find that an organisation's security planning and implementation is handled by only a small group of specialists and managers. As a result, the efforts of the security management team are often negated by other decisions taken by managers in the business units and on the work floor.
While the lack of collaboration with the stakeholders in day-to-day decision-making on security is also likely to negatively impact motivation and orientation to work, our experience is that this isolation is even more dangerous because it is likely to lead to a narrow security focus. As coverage is just as important in information security as the quality of the selected security controls, ignoring particular areas such as personnel security or data security can lead to a significant collapse of an organisation's security posture.