Do we need a security culture?

Failures of security rarely touch users and it is easy to dismiss the subject as a purely technical one. With the increasing reliance on computers for business critical systems, and in the light of the fragility of trust online reliability is becoming an increasingly important issue. Information Assurance (IA) is a method for achieving reliability in computer systems, which has been developed out of traditional risk management concepts. For the consistency of behaviour IA requires there needs to be a security culture among users, a shared set of beliefs, values and behaviour.This paper discusses the nature of such a security culture and how it may be created.