How to develop a culture of security in the enterprise

In October this year, the HMG Information Assurance Maturity Model and Assessment Framework was published.

Its aim is to help senior information risk owners in government departments create an effective change programme to improve information risk management (IRM). The model is aligned with the security standard ISO/IEC 27001:2005 and incorporates the mandatory information related requirements of the HMG Security Policy Framework (SPF), a set of internal risk management and security practices and policies for government departments.

Although the model's target audience is government, it contains much useful guidance that is pertinent to businesses as well, particularly if they work with government and need to align themselves with the SPF.