Security begins within

An organisation's success relies on the relationship of trust it has with its people (staff, contractors, stakeholders, suppliers and customers).

When trust breaks down, organisational vulnerability to insider activity increases. Creating the right environment where people adopt good security behaviours is key to reducing insider risk.

Physical, Cyber and Technical security are the visible artifacts of a secure environment.

Personnel security is the embodiment of a psychological security contract to establish trust between the organisation and the individual, determining how staff think, feel and act. This is why security begins within, both at organisational and individual levels.

Circle of trust

Managing the trust you give people requires an enterprise-wide approach. The coordination of organisational controls is required to identify, reduce and recover from insider activity.

It can be helpful to think of this as a circle of trust, where you identify controls that help establish, enable, maintain and regain trust throughout the employee lifecycle.

As an organisation you can:

Establish trust

Initiate trust in the relationship:

  • Understand the organisational insider risk landscape to enable proportionate and necessary strategic decision making.

  • Identify and integrate insider risk mitigations into existing policies.

  • Assess insider risk against the organisation’s assets and business functions.

  • Adopt risk-based pre-employment screening for all personnel.

Enable trust

Encourage the right security behaviours from the start:

  • Run induction programs outlining employer expectations for all personnel.

  • Coordinate governance, policy and process for managing and monitoring insider risks.

  • Form strategic insider risk working groups to set thresholds, define terms, and track risk trends.

  • Embed security culture into wider organisational culture activities.

Maintain trust

Continue good security behaviours as personnel move through the organisation:

  • Run security awareness training for all managers.

  • Enable personnel to report security concerns.

  • Align protective monitoring to key business and security risks.

  • Consequence management: Clear disciplinary policies.

Regain trust

Take action when things go wrong to prevent repeat incidents:

  • Ethical investigations: Confidential, fair, and transparent.

  • Audit and assurance programs for insider risks.

  • Targeted interventions to reduce repeat incidents.

  • Communication strategies following major insider risks.

Key services

The most impactful defence for insider risk is often about making better use of existing controls (security and non-security) in a more coordinated and structured way. Au Security can help your business through a range of services.

  • “I wholeheartedly endorse Sarah Austerberry’s recent presentation on "Strategic Risks, Hidden in Plain Sight – The Insider" as one of the most compelling and insightful contributions to the field.”

    Garry Bergin

    PC MSc CSyP® CPP® SRMCP® CPOI® CTSP® F.Sec.II FSyI F.ISRM

    Chair – ISRM Ireland Chapter

Let’s work together