Developing a Security-Mindedness approach

Security-Mindedness is about encouraging business leaders, managers and practitioners to consider security across all areas of your organisations. Our advice outlines the steps to take when developing a Security-Mindedness approach

Last Updated 22 March 2021

What do we mean when we talk about Security-Mindedness?

Security-Mindedness is a term you will hear across security disciplines. It is about encouraging business leaders, managers and practitioners to consider security across their organisations, the assets they own and the services they deliver, as well as in their projects and programmes. 

This is especially relevant as we move into the digital age with more organisations needing to consider security than has traditionally been the case. 

An organisation must first appreciate and recognise that security threats, vulnerabilities and the potential resultant risks are something it needs to consider and understand. Being security-minded is about then responding to these risks in a way that it appropriate and proportionate. 

Security-Mindedness is generally undertaken with the aim of deterring and disrupting hostile, malicious, fraudulent and criminal behaviours or activities. However, the approach can also used by organisations to help to protect against loss of valuable commercial information, personal data and intellectual property.

Our approach to Security-Mindedness can be divided into 4 key stages:

1 - Recognise the threats

This relates to understanding the range of threats that could impact on:

  • the safety, security and/or resilience of your organisation
  • your personnel
  • your assets
  • your services

These threats could be terrorism, hostile actions by countries, commmerical espionage, organised crime, activists, lone actors, hackers and malicious insiders.

2 - Minimise the risks

The second stage is to develop and implement measures to mitigate those risks which exceed the risk appetite of your organisation. These measures should consider personnel, physical, and cyber security controls as well as measures to manage sensitive information which the organisation creates, acquires, processes and stores. The Security-Minded approach should also be underpinned by good governance, with accountability for the approach at the top management level of your organisation.

3 - Comply with policies and processes

Once the policies and processes are in place it is important that there is appropriate support to ensure their implementation. This includes developing a Security-Minded culture and undertaking proportionate levels of auditing and monitoring.

4 - Respond to incidents or breaches

Regardless of the measures in place it is possible that a security breach or incident could still occur. The final stage of the Security-Minded approach is to respond effectively and to identify and implement measures to reduce potential reoccurrence.

Our mission

At CPNI we advocate for all organisations to adopt a Security-Minded approach. Using the processes and methodologies will help start conversations with decision makers about security and help your organisation to become more resilient.

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.