I'm conducting research into IS Security failures and measures for my MSc Dissertation at South Bank University, London.
Main part of this research is a survey of UK based companies, establishing the number, underlying reason, and impact of security failures, plus an overview of the employee facing security measures and their efficacy.
This is done under the premise that most security failures have their root in humans not following the rules and procedures (which consists of a failure on the Human-Computer interface of the IS), and not due to technological failures or malicious intent. Note that this does not mean that technology is not important, to the contrary. It means that technology is worthless if people don't apply or use it right (simple example - ever seen a password on a post-it note, on the monitor?).

What I'm looking for are UK based IS Security Managers that would be willing to spend an hour or two to contribute to this research, in return for an external high level review of their security practices and feedback on how well these work. I will not need access to your systems, technical setup details, or any other confidential information that could jeopardize the security of your systems if it
gets out.

Please contact me if you are interested! I'd also be happy to discuss the topics indicated above on this list if anyone would like to hear more or has experiences to the contrary.

Thanks