Leadership and Governance

Strong security leadership can ensure you have effective security strategies

Last Updated 21 December 2020

Introduction

Positive and visible Board level support for protective security is vital to demonstrate to staff the value placed on personnel and people security policies and procedures. As part of an overarching protective security strategy, strong security governance will:

  • Deter employees who may wish to harm your organisation by creating an open and transparent organisational framework where security is actively promoted as the responsibility of all staff, whilst providing appropriate resource and support in implementing a proportionate, multi-disciplinary approach to countering insider threats.

Strong security leadership, at all levels across your organisation, will:

  • Ensure consistency and clear lines of responsibility for the management of security risk
  • Foster a multi-disciplinary approach to countering the insider threat
  • Ensure proportionate and cost effective use of resources
  • Provide essential management information for the purposes of security planning and people management
  • Provide a strong example that both develops and underpins an effective security culture.

CPNI research has identified that a single accountable board level owner of security risk and a top-down implementation of security policies and expected behaviours is likely to promote a more compliant and consistent approach across your organisation.

Inadequate corporate governance structures and a lack of awareness of insider threat at a senior level can undermine effective security strategies and make it harder to detect, investigate and prevent insider activity.

Holistic Management of Employee Risk (HoMER)

The Holistic Management of Employee Risk (HoMER) guidance is designed to help you manage the risk of employees’ behaviour damaging your business.

The holistic use of targeted security measures and interventions (eg information, personnel and physical) will help you spot high-risk workplace behaviour and reduce the potential of employees carrying out malicious attacks.

This guidance is for board members and the managers of risk in your organisation. A Holistic Management of Employee Risk (HoMER) Executive Summary is also available.

Personnel Security Animations

CPNI’s Personnel Security films are one-to-two minute, light-hearted animations for people new to personnel security. The first three are aimed at managers; the next two are for all staff; and the last is for anyone making strategic decisions based on people-risk, such as HR, IT and security managers. Upload the films to your intranet or internal message boards, or show them on management, security or induction training courses.

Further explanations are also available in Communicating personnel security messages.

Fly In The Ointment

Management responsibility for employee risk

This film illustrates how personnel security issues can damage an organization, its operations, reputation and profit. It gives the message that managers are responsible for dealing with staff security issues, should lead by example and take any necessary action to deal with such issues.

You Choose

Effective management

This film focusses on the link between insider activity and disgruntled employees, lifestyle vulnerabilities and poor organizational factors. Good managers are more likely to intervene before an insider act occurs.

One Small Step

Security measures needn’t cost the Earth

Also focussing on the insider threat, this film shows managers that small, inexpensive changes to organizational culture can significantly improve the effectiveness of existing security measures.

Your Company Needs You

Who’s responsible for security?

This film shows that everyone is responsible for security. It highlights some common physical, IT and personnel security weaknesses, and suggests seeking more information from your own security team.

People, People, People

You are your company’s greatest asset

This film, also for all staff, tells the true story of a diamond thief, who used social engineering to undermine physical security measures. An employee’s behaviour can strengthen or weaken security.

Risky Business

Proportionate response to risk

This film illustrates the importance of making proportionate risk management decisions by undertaking personnel security risk assessments.
