Trust Economics

A report published by RSA in 2007 (’The Confessions Survey’, available here as a PDF) identifies some of the things employees can do which have the potential to adversely affect the security of their organisation’s data (e.g. holding secure doors open for strangers, or e-mailing company data to a personal e-mail address for access at home).
Statistics are included which make a distinction between the behaviour patterns of the two groups of employees that were surveyed (’Government’ and ‘Enterprise’). This in itself goes some way towards illustrating that a one-size-fits-all approach to security does not necessarily apply to both public and private organisations, and that the work cultures (i.e. the accepted or encouraged patterns of employee behaviour) in different kinds of organisations should be considered when dictating the information security policy.