The ‘Need to Know’ culture of “need to know” has got to go from “responsibility to provide” for information security, author says. Organizations going forward will need to invest in employee relations, establish ownership and trust to encourage both knowledge sharing and secure behavior. Without transparency, there cannot be trust and action of accountability in employees; therefore, little progress, he says. Perhaps we’ll get to a point where people are punished for what they don’t say, as opposed to what they do, he writes.”]
Source: https://www.healthcareinfosecurity.com/blogs/need-to-know-has-got-to-go-p-564