The role of trust in security: Building relationships with management and employees>
Help Net Security – Tomas Honzak
Management may put in place a new security framework, document all new procedures, train staff, and even get an independent certification, but all of this will accomplish nothing if other employees continue to do what they were doing in the first place. Furthermore, the false sense of security provided by the mere existence of a new security framework or technology can make it easy for employees at every level to become complacent and assume their security is assured. Chief security officers need to first and foremost ensure that a solid understanding exists between the security team and the business units. There is no way that anyone could understand the nuances of a business unitâs capabilities, processes, assets, and services to the extent the unit itself does, so it is tremendously important for a chief security officer to meet with each unit and develop a comprehensive security plan, which is aligned on the corporate level. Only by gaining a more complete understanding of the unique needs of a business unit can a chief security officer develop safeguards that reduce risks. Sometimes all this takes is for the chief security officer to go to lunch with the sales team or with an engineering team to hear their concerns firsthand and build a relationship that makes employees feel comfortable raising concerns in the futureâbefore a security issue becomes critical. These meetings can also help employees understand the reasoning behind the existing security framework and may make them more likely to take security procedures more seriously. Having a management team that truly understands how security relates to company operations is a tremendous asset to a chief security officer and makes it easier to justify investments that keep data secure in the same way that the business justifies investment.
Link: https://www.helpnetsecurity.com/2018/01/15/building-relationships-management-employees/