Identifying Security Behaviours
What does good security behaviour look like in your organisation?
Your workforce can play a vital role in the protection of your sensitive assets and information. Defining what it is that you expect from your workforce, and articulating this effectively to them, is a key first step in embedding good security practice. For example:
- What behaviours do you require from employees at work, outside of work and online to keep themselves and your organisational assets safe and secure?
- Do these behaviours differ depending on the part and/or location of the organisation your employees work in?
- What behaviours do you require from visitors when on site so they don’t compromise security?
- What behaviours do you require from suppliers and partners when handling or accessing your information or equipment to protect them from security threats?
TIP: Identifying the security behaviours you require is best done once you have completed a risk assessment and are clear on (a) the areas of a site that are high, medium and low risk, and (b) the groups and/or individual roles that have access to your most sensitive assets (e.g. privileged access, critical, and /or sensitive roles).
When you are clear on the target security behaviours that you require from your workforce, the next step is to review your security culture to ensure you are developing an environment that enables and embeds these desired behaviours.