Senior managers play a pivotal role in championing a culture that is resilient, adaptable and open to change. However, they are not alone in this: they need to work closely with information security professionals, line managers and front-line staff to ensure that information risks are considered across the organisation.
A good way of seeing how well your organisation is managing its risk is to consider whether these four aspects of good culture resemble what happens in your workplace.
An informed culture
Business leaders should actively promote a supportive security culture, ensuring staff are aware of the current threats to their information assets. Staff also need to be given information on incidents that have occurred, what has been learned and what has changed as a result. Training should be endorsed as an important aid for all staff, not only at work but in their personal lives. If people have a good understanding of how to protect their own personal information they will have a better understanding of the threats to the organisation’s data.