Securing your business can be overwhelming, especially when starting from scratch. Once your organisation has identified a need to make information security part of the way you do business, how do you get started? Should you seek a deep-dive risk assessment? Should you consider a three-year strategic implementation of security controls? Should you hire a Head of Information Security?
What is the best approach to help you identify what Information Security looks like at (“insert your business name here”)? Instead of a ‘go big’ approach like those mentioned above, organisations could begin their security journey by asking key people within the business what security means to them, what they expect from a security program, how security would align with their current business strategy and, given all the competing priorities, where a security program will fit in their organisation.
I can feel you rolling your eyes as you imagine these security-related conversations with the CEO, the marketing guy and the under-the-pump Head of IT Ops. But having someone draw opinions, information and aspirations from every corner of the organisation to answer the difficult questions about information security can establish the true value placed on security by those in the driver’s seat. We have learned over many moons that telling leaders, engineers and anyone who will listen what security looks like is often met with groans, reluctant compliance or panic. If we give the business the opportunity to say what they think about security (and what they know about security - which is often only what they see in the press), that information starts to build a framework on which incoming security leaders can build their roadmap, know who will champion security alongside them and establish what information security success looks like for your organisation.
Establishing your organisation’s information security agenda first will also help your future information security team align with your business priorities. Yes, there will be some difficult conversations and uncomfortable silences, but wouldn’t they be worth it if it means agreeing to an agenda together?