The human resources department within any organization is well-positioned to feel the pulse and monitor a company's culture—teams, divisions, and the organization as a whole. Because of this, it could be the ideal ally to the InfoSec team. But is it? Let's find out.
Consider the lifecycle of an employee. The initial company awareness, gaining familiarity with its brand, exploring its job opportunities, moving on to the next role, all the way to retirement—or perhaps even getting fired. Of course, there's everything in-between as well, including annual performance reviews, salary and compensation discussions, workplace behavior and related training, ongoing education, promotions, and more.
At each stop along their journey and throughout each of the phases within the candidate/employee journey, HR has an opportunity to help shape the company's culture by reinforcing fundamental principles, operational ethics, and the related policies and actions. Just as we should be baking information security into the products—as early, and as often as possible—we should follow this same model for building our workforce and the company culture in which they exist.
There's an opportunity for InfoSec and HR to collaborate to present and discuss the value of good information security hygiene: using a password manager, connecting through a VPN, paying attention to potential leaks or loss of data, and thinking critically during a security awareness training event—these are just a few examples.
The importance of security shouldn't begin once the person becomes an employee; the organization can demonstrate their investment in InfoSec well before the jobs are posted and the interviews start.
On the other side of the equation, there's an opportunity to maintain security and safety for the organization by encouraging a now-former employee to continue to carry with them the lessons they've learned as they move on to another company or retire into the sunset.
Easy to say, but is it that simple? How are HR departments holding on with all the new responsibilities piling up on their desk lately? Can they take one more role without a fundamental redefinition of their role within a company?
There's so much to be gained here. This is definitely a conversation worth listening to, especially if you are in HR, InfoSec, or are an employee (I think that captures everyone, doesn't it?).
Enjoy!
NOTE: This episode is part of our "Building Better Security Relationships" series. Catch the last episode with Legal Counsel here: http://itsprad.io/redefining-security-411
Guests Dora Ross, Global Security Culture Specialist
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
Key Resources: https://itspm.ag/keyresources-2876
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
The human resources department within any organization is well-positioned to feel the pulse and monitor a company's culture—teams, divisions, and the organization as a whole. Because of this, it could be the ideal ally to the InfoSec team. But is it? Let's find out.
Consider the lifecycle of an employee. The initial company awareness, gaining familiarity with its brand, exploring its job opportunities, moving on to the next role, all the way to retirement—or perhaps even getting fired. Of course, there's everything in-between as well, including annual performance reviews, salary and compensation discussions, workplace behavior and related training, ongoing education, promotions, and more.
At each stop along their journey and throughout each of the phases within the candidate/employee journey, HR has an opportunity to help shape the company's culture by reinforcing fundamental principles, operational ethics, and the related policies and actions. Just as we should be baking information security into the products—as early, and as often as possible—we should follow this same model for building our workforce and the company culture in which they exist.
There's an opportunity for InfoSec and HR to collaborate to present and discuss the value of good information security hygiene: using a password manager, connecting through a VPN, paying attention to potential leaks or loss of data, and thinking critically during a security awareness training event—these are just a few examples.
The importance of security shouldn't begin once the person becomes an employee; the organization can demonstrate their investment in InfoSec well before the jobs are posted and the interviews start.
On the other side of the equation, there's an opportunity to maintain security and safety for the organization by encouraging a now-former employee to continue to carry with them the lessons they've learned as they move on to another company or retire into the sunset.
Easy to say, but is it that simple? How are HR departments holding on with all the new responsibilities piling up on their desk lately? Can they take one more role without a fundamental redefinition of their role within a company?
There's so much to be gained here. This is definitely a conversation worth listening to, especially if you are in HR, InfoSec, or are an employee (I think that captures everyone, doesn't it?).
Enjoy!
NOTE: This episode is part of our "Building Better Security Relationships" series. Catch the last episode with Legal Counsel here: http://itsprad.io/redefining-security-411
Guests Dora Ross, Global Security Culture Specialist
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
Key Resources: https://itspm.ag/keyresources-2876
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis
Dansk
Danmark