BBC board wary of security projects, says info security manager

'It's all about reputation, availability and staying on the telly' reveals Cooper

Asking the BBC's board to approve new information security projects is usually met with a swift "No", because data accessibility is seen as a bigger priority, according to the broadcaster's information security manager, Annamaria Cooper.

Speaking at Computing's Enterprise Security and Risk Management 2014 today, Cooper revealed that while there is a good board "understanding", there are cultural hurdles at the BBC that always need to be overcome in order to "hook" approval.

"Our organisation is all about availability, so the question is ‘How much time are we going to be off the telly?', that's the culture," explained Cooper.

"There's an understanding. We've got issues around [the board] understanding the implications. From a BBC perspective it's all about reputation.

"Quite often people get hooked on the confidentiality side of things. The ICO has kind of got a foot in the door - there is some mandate and regulation about what we do. But that's not an issue - the board gets that, in that way it's very mature."

Coming from a police and local government career background, Cooper described the BBC as "a very, very different beast".

"So when you say ‘We need to do whatever', the starting point is 'No', as it will get in the way of television," she said.

Cooper said the global nature of the BBC's operations presented big challenges.

"All our staff within the team have been briefed so when they're going out everybody has the same systems," explained Cooper. "But being global, some of our staff do get ‘lost' - get remote from us."

Cooper said face-to-face training plays an important role in getting the security message across to all BBC staff, even though it can sometimes cause "a lot of yawning" among the more "creative" workers. To combat this, you have to "tell the right story", she said.

"It's about making sure your message is right for the audience, and that you understand the culture and story of that particular team," said Cooper.

"People could be working in iPlayer or research and development - [everyone] is working on a whole set of different things."