The security of a system and the data it holds is always reliant on the people who build it and those who use it. Security standards and practices must be communicated and adhered to in order to be e ffective.
Setting, communicating and ensuring compliance with security standards requires not just the creation of rules, but the sharing of the reasons for security, the risks of data leakage and the establishing of cultural norms that make security part of everyone’s everyday job. This includes making security measures visible, providing understandable examples of the impact of security breaches in ways that bring them to life rather than alienate users through dry or patronising communication and examples of good practice such as how to create good, strong, memorable passwords.
The Connected City 