totaltenders
Buying Organisation
Cabinet Office
Contract Value
£60,000 to £400,000
Suitable for SMEs
Yes
Suitable for VCSEs
Yes
Security is seen as complicated or confusing by many people, or even as a blocker or impediment to working. Security is rarely promoted as an enabler or core business outside the security practitioner community.
The public sector needs to better enable our people to reduce and manage risk, where 'our people' are defined as users (anyone who uses government official IT) and practitioners (those responsible for managing and delivering security in an organisation), and where 'risk' is defined as "the harm arising from potential loss, damage or compromise of government assets."
We know that organisational cultures can be a powerful influence on how people act in the workplace, where 'culture' is defined as "shared values (what is important) and beliefs (how things work) that interact with an organisation's structures and control systems to produce behavioural norms (the way we do things around here)."
We want to validate or disprove the following hypotheses:
A) Promoting appropriate culture(s) is an effective lever in reducing and managing risk;
B) Human Factors -including organisational climate and culture- play a critical role in our cross government risk posture today;
C) It is feasible to develop a holistic methodology or capability that can assess and monitor the health of the Human Factors landscape - including organisational climate and culture - across a public sector organisation in near real time;
D) It is feasible to develop a single methodology or capability to assess and monitor the health of the Human Factors landscape - including organisational climate and culture - across government in near real time;
E) Although several aspects of culture are interrelated, it adds value to target 'cyber culture' separately from 'organisational culture' or 'security culture' (where "security culture" is defined as 'The set of values, beliefs and assumptions, shared by everyone in an organisation, which determine how people are expected to think about and approach physical, personnel, technical and cyber security');
F) Leadership (senior leaders as well as local line managers) attitudes and behaviours are the single greatest factor which drive an organisation's risk posture, and therefore represents the greatest value for risk interventions;
G) Risk interventions applicable to government departments are also applicable to other public sector organisations such as local authorities, education and healthcare arm lengths bodies;
H) Appropriate security cultures require the organisation to improve people's capability and opportunity to work securely, as well as their attitudes and motivation.
I) Interventions which reduce high risk behaviours (e.g. reduced IT security violations) can be measured in near real-time, quantitatively and qualitatively.
Security software package (CPV 48730000)
Research and development services and related consultancy services (CPV 73000000)
Public security services (CPV 75241000)
United Kingdom (UK)
Cabinet Office
Further information on this tender from Cabinet Office when you create a FREE Account
View all of your tenders, see forthcoming opportunities, access data/reports.