By Rachel Zainey
The SIT Community has come together once again for this year’s summit to focus on the human factor and building a strong security culture. Our vision is to enact real change within organisations by educating and empowering people and ensuring the human factor is at the core of our security solutions.
Changing culture within a business context is typically not something to be taken lightly however, culture starts with relationships. And to build relationships you need to understand and listen. Remember the saying, listen with the intent to understand, not reply.
Engage to understand
Seek to understand your key risk groups before mapping out a program. This means setting up face to face workshops to understand pain points.
Some examples of common groups where security risk and culture are interconnected include:
- Directors/CXOs (understanding and accountability for security)
- Executive Assistant’s (security within their role and access privileges)
- Human Resources / People & Culture – or whatever you call them these days (security within the employee lifecycle)
- Front line / Customer Service Centre (security within the end user environment)
- Procurement (security related to external parties/vendor management)
- Application development and support teams (security within the delivery lifecycle)
Before getting into the nitty gritty of what the implementation materials and content looks like, develop an end to end holistic approach and socialise to get buy in. This is critical to ensuring all the key stakeholders within the business are on board and the key messages are aligned with your organisation’s values and communication methods.
Build the right relationships and the culture will follow!