Insights and innovation survey
Delivering insight into information security behaviours across the VPS
We are inviting organisations from across the Victorian public sector to participate in an anonymous survey to help strengthen our data protection efforts.
Participation in the survey is entirely voluntary, with questions exploring levels of understanding around information security practices and exploring personnel security behaviours.
What is the Insight and Innovation Survey?
The Insight and Innovation Survey provides members of your organisation the opportunity to express their views and relate their experiences on information security practices.
The survey is designed to gather insights about the current state of information security culture across the VPS and co-design material with our stakeholders to help cultural transformation across the VPS. Specifically, the broader project seeks to:
- frame a representation of cohorts in the VPS audience, including the development of personas, user stories and journey maps.
- develop a simple shared model or narrative around information security that resonates with us and participating agencies.
- deliver insights into the current state of information security culture across the VPS and frame potential measures to help improve this.
Our approach seeks to:
- ensure Executive buy-in from stakeholder agencies to increase the impact of the project.
- produce new insights into the unique perceptions of data security within the VPS.
- facilitate co-design of a statement of intent and corresponding activities to improve security culture in the VPS.
The survey aims to measure employees understanding of information security and their experience within the organisation. A broad suite of demographic questions is asked to understand the employment experience of the groups within the workforce, with all responses de-identified.
Why are we doing this?
The research is part of our broader assurance activities, aiming to:
- measure the level of staff engagement with information security;
- identify opportunities for improvement in information security;
- co-design solutions with our stakeholders;
- help inform targeted training and awareness material for the VPDSF;
- support engagement opportunities;
- provide insight into the security posture and experiences of various VPS organisations; and
- support engagement opportunities for the VPDSF.
When will the survey run?
The survey is set to commence on Monday 10th of December 2018.
It will be open for a couple of weeks, in which staff are encouraged to complete a 10 – 15 minute questionnaire.
Closing date for all responses is due on the 26th of February, 2019.
How is the survey being run?
We have engaged an independent social research consultancy, ThinkPlace to help deliver and run this survey. They will be using a survey web platform called Qualtrics. All responses will be anonymous, and the data collected will be de-identified before being shared with us. Responses will be analysed at the aggregate level only.
How can you participate?
The survey has now closed.
We thank all VPS organisations and individuals who have contributed to provide insight into the security culture and behaviours of the public service.
Participation in the survey
By participating, you agree that the survey data collected can be used by the Office of the Victorian Information Commissioner and research partners, to undertake research to benefit the public sector. The provision of any data to research partners or other parties will be in accordance with the Privacy and Data Protection Act (2014). To ensure compliance with legislative requirements, we will only conduct analysis or release data where the identity of individuals is protected and cannot be reasonably ascertained.
Is the survey voluntary?
Yes. Participation is entirely voluntary.
Are organisations being targeted?
No. All VPS organisations are invited to participate and we welcome responses from all agencies or bodies.
Is the survey confidential?
Yes. All survey responses are anonymous. Survey participants are not required to individually register. A generic link to the survey will be provided for users use. A Privacy Impact Assessment and Security Risk Assessment are currently being scoped for this project.