Addressing the Human Factor
Developing and sustaining an effective Security Culture is an essential component of a protective security regime and helps mitigate against a range of threats that could harm your people, assets and reputation.
The largest predictor of security service success is leadership and workforce commitment. Let's consider a number of problem statements:
• Q - How can we improve the way your workforce views security?
• Q - How can security become a business enabler and a competitive advantage?
• Q - How can we encourage your workforce to see security as everyone’s responsibility?
• Q - How can we inform & empower your leaders to model appropriate & positive security behaviors?
• Q - How can you become an industry leader in improving your security & resilience posture through soft security and behavioral change?
Each of these problem statements shares the same answer:
Through developing a positive Security Culture!
Human behaviour, the way humans act and interact, is based on and influenced by several factors, such as genetic make-up, culture and individual values and attitudes. Human action denotes everything that can be observed, either with the naked eye or by physiological sensors, while cognitions describe the thoughts and mental images that people have. Cognitions comprise skills and knowledge – knowing how to use tools and perform procedures in a meaningful manner. Attached to both are emotions. Commonly, an emotion is any relatively brief conscious experience characterised by intense mental activity and a feeling that is not characterised as resulting from either reasoning or knowledge.
What can we do to help?
Working with you to design a business-appropriate programme, ERG can design and deliver training and workshops, virtually or in person, to develop a security-conscious workforce, and promote the desired security behaviours you want from staff. The return on investment for the training is measured and presented, throughout the year, to ensure that it is influencing behaviours, securing your organisation and protecting you from insider threats. ERG achieves this through our Relational Security approach, which focuses on encouraging your workforce to care!
Everything is connected
Actions, cognitions and emotions do not run independently of each other – their proper interaction enables you to perceive the world around you, listen to your inner wishes and respond appropriately to people in your surroundings. In addition to having basic and psychological needs met, having confidence in activities and feeling valued and respected by those around us will result in feelings of joy and emotional realisation. In such environments individuals are motivated and they display increased dedication and commitment to activities and causes. However, this can in some cases be reversed, with negative feelings resulting in sadness and potentially negative actions on the part of individuals. This can be detrimental in the workplace, resulting in the existence of a threat from insiders who have access to the people, assets, premises and information which provide organisations with their competitive advantage.
Types of Insider
TRUSTiN Insider Risk Management
A TRUSTiN Insider Risk Management programme is based on seven core elements of effective personnel security processes:
A. Governance and Leadership
B. Insider Risk Assessment
C. Pre-Employment Screening
D. Ongoing Personnel Security
E. Monitoring and Assessment of Employees
F. Investigation and Disciplinary Practices (Response)
G. Security Culture and Behaviour Change.
TRUSTiN is a role-risk-based approach to managing insider risk. In addition to ongoing Security Culture training designed to increase workforce security mindedness and vigilance, a mixture of pre-employment screening, background checks, leaving processes, proactive controls, user behaviour analysis and the ongoing monitoring of privileged accounts will minimise the risk of insider threats.
As these risks from within an organisation account for over 38% of breaches and are the most costly type of breaches, the return on investment for an insider risk management programme is clear. Such a system will:
• Ensure that only authorised users are able to access powerful privileged accounts and sensitive assets
• Prevent users from being able to gain unapproved elevated privileges
• Establish strict accountability over the use of privileged accounts by tracking who accessed what accounts and assets, and what actions were taken
• Improve forensic analysis by generating a detailed, tamper-proof audit trail of all privileged account activity
• Rapidly detect and alert on anomalous activity that could signal an inside attack in progress