If it is to be truly successful, security requires engagement right across an organisation. It needs to be embedded in everyday operations and championed from both the top of an organisation and at a local level. It also needs effort and consideration to ensure that messages are appropriate to the likely audience, as well as shaped and communicated in a way that suits the different, but equally important range of stakeholders. This article considers the challenge of promoting security policy by ensuring the message is appropriate and effective for the many different individuals likely to be involved and/or affected. The discussion draws upon theories of leadership, communication within organisations and ways of influencing organisational change, emphasising the importance of framing the message in the right way in order to maximise support from the different constituents of the target audience. A range of approaches are consequently identified that could form part of an overall promotion portfolio, based upon a combination of push and pull style mechanisms that are likely to appeal to different people in relation to different aspects of the overall message. Caroline Chipperfield and Steven Furnell explore this intricate subject. It is hardly a revelation to state that successful security requires the support and commitment of those around it. Unfortunately, however, many people do not find security to be a naturally exciting or engaging topic, and it is therefore unrealistic to expect that the mere mention of its name will automatically drum up much enthusiasm. A rare exception may be when they have suffered an incident and feel a keen interest to recover and/or prevent it from happening again. The problem is that security is often something that people will not want to use by their own choice. They can find it time consuming, inconvenient and generally an obstacle to getting on with what they want to use a system for.
[1]
Malcolm Robert Pattinson,et al.
Risk Communication, Risk Perception and Information Security
,
2004,
IICIS.
[2]
Phil Spurling,et al.
Promoting security awareness and commitment
,
1995,
Inf. Manag. Comput. Secur..
[3]
Steven Furnell,et al.
From culture to disobedience: Recognising the varying user acceptance of IT security
,
2009
.
[4]
I. B. Myers.
Manual: A Guide to the Development and Use of the Myers-Briggs Type Indicator
,
1985
.
[5]
David H. Maister,et al.
The Trusted Advisor
,
2000
.
[6]
Maria Papadaki,et al.
Scare tactics – A viable weapon in the security war?
,
2009
.
[7]
X. Sean Wang,et al.
Security Management, Integrity, and Internal Control in Information Systems - IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference [18-19 November 2004, Fairfax, Virginia; USA]
,
2006,
IICIS.