For employees, data breaches and the reality of identity theft have driven home the importance of privacy and protection for personal data on the job—the data in the corporation might well be your own. For IT, security no longer occupies the “nice to have” category at the bottom of the IT agenda, but has gone straight to the top. If there is no security budget, something must be wrong.
The overall result is a corporate shift in attitude, a new mindset where security and privacy controls are increasingly internalized and are slowly becoming standard business practices. At least four elements have contributed to this cultural sea change. Security has become part of operational risk. Privacy is personal. Security breach notification laws. Privacy is now a profession. cul·tured adj. having refined taste and manners and a good education. One could say that organizations are becoming more “cultured” in the ways of good security practices, and are developing a broader perspective toward the topic than previously held. The reality of identify theft and human-related risks has created more effective security policies and awareness programs, thereby producing highly visible and tangible results that translate into a more secure organization.
 
Look for more from the author in the September 2007 issue of Security Magazine.