A joint workshop between the Security Awareness Special Interest Group (The SASIG) and The National Archives pooled resources and knowledge from people in the public and private sectors.
Examining “Achieving behavioural change, and building organisational cultures to enable personnel to use cyberspace safely and securely”, the workshop dissected practical strategies to ensure maximum buy-in to online security awareness.
Among the speakers were Luisa Gentile, Security Awareness Transformation Manager for Vodafone; Chris Kelleher, Information Security Manager, HMRC; Andy Dancer, Chief Technology Officer, Trend Micro (EMEA); and Tim Callister, Information Management Consultant, The National Archives. What emerged:
– The first step needs to be a focus on the 20 per cent of the business that yields or potentially yields 80 per cent of the risk.
– Create communities that involve representatives across the business to ensure that you have everybody’s buy-in, that is: the hearts and minds of the business.
– Speak to the business in a language that they understand, that is to say: drop the security speak and explain how security will help the business sell more or achieve its goals more efficiently.
– Consider the operational requirements of the organisation and the added value and competitive advantage that security delivers in terms of winning new business and capturing emerging markets.
– Provide the business with evidence of your activities to secure future budget and buy-in.
Martin Smith, founder and Chair of the SASIG, said afterwards: “No-one in security can afford to stay in their ivory tower. We all gain from learning from others’ experiences and when you bring private and public sectors together both sides win. The level of stimulating debate was priceless and I hope will encourage future, similar events.”
Paula Wade, Programme Manager, information assurance and Cyber Security Engagement Programme, The National Archives, said: “It started with the understanding that many of the challenges faced across both sectors were similar. The idea was that if we held an event that brought together public and private sector decision makers, to share their experiences on information risk management, that this type of forum would generate ideas, cross-sector support and sharing of experiences. I think everyone present on the day will agree that borrowing from other sectors’ experiences is only enriching.”
The next SASIG event on October 30, titled “Security – Why Should Anyone Listen to Us?”, looks at achieving budget release for security programmes. Hosted by PricewaterhouseCoopers, it will be held in London and registration is available at http://www.thesasig.com
Established in 2004 by Martin Smith MBE BSc FSyI, The Security Awareness Special Interest Group (SASIG) is a subscription-free quarterly networking forum organised by The Security Company (International) Limited. Membership is drawn from CSOs, CISOs and staff with responsibility for security awareness. SASIG has a members’ website at www.thesasig.com.