Culture of Security
The ‘culture of security’ can be defined as the organisations approach to its security practices and beliefs. Having a positive and effective culture of security does not require an organisation to become paranoid about security, installing cameras or restricting access to every room. Promoting a culture of security in an organisation is important for two reasons.
Firstly, duty of care requirements covered by work health and safety (WHS) legislation require that the workplace is safe for employees and site users. Secondly the company or corporation must show diligence in this area to protect the organisation’s reputation.
Every organisation will have different security requirements. For example, a high-level military site will require a higher level of security than a school. The culture of security within the organisation will determine how secure the site is. An organisation may install CCTV and access control procedures including locks and swipe card access, but if staff and students don’t take care to lock the doors, or leave them propped open, the security features that have been implemented will not increase the safety of the site.
Organisations conduct risk assessments, develop security policies and procedures and train staff as a requirement of WHS legislation. These practices are important, and ongoing supervision and reinforcement is required to ensure staff follow good security practice by following the relevant security policies and procedures. The organisation must ensure staff follow the relevant processes in responding to a breach of security. For example, the organisation may restrict or control access to a site by implementing a visitor policy, entry procedures and sign-in books. If a person enters the building and doesn’t follow these procedures, CCTV may identify that the person has entered the site but if no one responds to the breach or reminds the person that they have not been given permission to be on site, all the procedures, policies and measures designed to improve the safety of the site will be rendered largely ineffective. It is for this reason that fostering a culture of security within an organisation is so important.
To maintain a safe and secure workplace, organisations need to promote a positive culture of security by developing policies and procedures, training staff in correct security practices and reinforcing the use and usefulness of these practices.
 Schneier, B. 2003, ‘Beyond Fear’ – Thinking sensibly about security in an uncertain world, Copernicus, New York