Introduction

Statistics on the number and percentage of security incidents generated from inside an organisation suggest that internal users are responsible for at least around 70 per cent, and that most of these incidents are the result of user error, mishap and ignorance. The Organisation for Economic Co-operation and Development's'Guidelines for the Security of Information Systems and Networks Towards a Culture of Security' published in 2002 outline a series of nine principles. The Standard covers topics that can be used to improve security awareness and achieve expected security behaviour amongst many different audiences across an organisation, including business users, technical specialists, senior management, systems developers and IT service providers. Information security grew out of the IT profession. Many practitioners have a technical background (although this is changing).