Employee Information Security Risk
Technology “fortification”, implementing security policy, and implementing controls only go so far in mitigating the risk of data breaches, reputational damage and financial loss. PwC's The Global State of Information Security® Survey 2016 found that employees and business partners are cited as the most common source of security breaches.
The Information Security Forum's Threat Horizon 2018 makes several gloomy predictions:
- The organisation's ability to protect will be progressively compromised.
- Board expectations will quickly accelerate beyond their information security functions' ability to deliver.
- A major incident will reveal this misalignment and create substantial business impact.
Move From Awareness To Engagement
Baxter Thompson Associates can help reduce security risk and improve compliance by applying a tried and tested approach built on solid business partnering techniques:
- A common language
- Shared interests and goals
- Listening and learning as well as training and instructing
We leverage Infosec's technology and process capabilities and deliver the missing ingredient: Business Partnering!
Show you're listening
Set clear expectations
Manage people as people
Reduce security risk
Target risks effectively
Plan for the Future
Adopt a proven approach
Gain confidence in delivery
The Proposal: Information Security Engagement Programme
A proven method to re-engage your organisation in reducing information security risk
What you'll get:
- Clear articulation of issues to create a compelling case for change to all audiences
- A series of workshops to help realise the shared opportunity between stakeholders
- Establishment of a programme for training, communication and engagement management
- Organisational change facilitation and coaching that looks at communication styles, attitudes, behaviours and beliefs
More detail on the approach and the rationale
Watch the Video
At the ESRM conference in April 2015, Baxter Thompson Associates shared their views on applying BRM principles to Information Security - specifically User Awareness. In this document, we describe how we advocated implementing a new approach to working with stakeholders to improve compliance with security controls and reduce information security risk for a major financial services provider.