Security begins within

Organisational success relies on the relationship of trust it has with its people (staff, contractors, stakeholders, suppliers and customers).

When trust breaks down, organisational vulnerability to insider activity increases. Creating the right environment where people adopt good security behaviours is key to reducing insider risk.

Physical, cyber and technical security are the visible artifacts of a secure environment.

Personnel security is the embodiment of a psychological security contract to establish trust between the organisation and the individual, determining how staff think, feel and act. This is why security begins within, both at organisational and individual levels.

Circle of trust

Managing the trust you give people requires an enterprise-wide approach. The coordination of organisational controls is required to identify, reduce and recover from insider activity.

It can be helpful to think of this as a circle of trust, where you identify controls that help establish, enable, maintain and regain trust throughout the employee lifecycle.

As an organisation you can:

Establish trust

Initiate trust in the relationship:

  • Understand the organisational insider risk landscape to enable proportionate and necessary strategic decision making.

  • Identify and integrate insider risk mitigations into existing policies.

  • Assess insider risk against the organisation’s assets and business functions.

  • Adopt risk-based pre-employment screening for all personnel.

Enable trust

Encourage the right security behaviours from the start:

  • Run induction programs outlining employer expectations for all personnel.

  • Coordinate governance, policy and process for managing and monitoring insider risks.

  • Form strategic insider risk working groups to set thresholds, define terms, and track risk trends.

  • Embed security culture into wider organisational culture activities.

Maintain trust

Continue good security behaviours as personnel move through the organisation:

  • Run security awareness training for all managers.

  • Enable personnel to report security concerns.

  • Align protective monitoring to key business and security risks.

  • Consequence management: clear disciplinary policies.

Regain trust

Take action when things go wrong to prevent repeat incidents:

  • Ethical investigations: confidential, fair, and transparent.

  • Audit and assurance programs for insider risks.

  • Targeted interventions to reduce repeat incidents.

  • Communication strategies following major insider risks.

Key services

The most impactful defence for insider risk is often about making better use of existing controls (security and non-security) in a more coordinated and structured way. Au Security can help your business through a range of services.

  • Get teams across your organisation up to speed on what insider risk and personnel security are, and what needs to be done to create a circle of trust programme

  • Workshops helping you understand why and where your organisation carries insider risk

    Consultancy-led asset and role-based insider risk assessments

  • Help your organisation understand its current level of insider risk maturity, identify gaps in your current security setup, and create a mitigation plan that coordinates and strengthens existing controls

  • Build knowledge and resilience across your organisation through bespoke workshops covering all activities in the circle of trust programme

  • Working alongside your organisation as your insider risk programme matures to provide benchmarking assurance and critical friend roles

  • “I wholeheartedly endorse Sarah Austerberry’s recent presentation on "Strategic Risks, Hidden in Plain Sight – The Insider" as one of the most compelling and insightful contributions to the field.”

    Garry Bergin

    PC MSc CSyP® CPP® SRMCP® CPOI® CTSP® F.Sec.II FSyI F.ISRM

    Chair – ISRM Ireland Chapter

  • “Sarah's ability to blend advanced concepts with practical solutions was truly enlightening. Her contribution has left a lasting impact on my approach to security management, solidifying her status as a leading expert in the field.”

    Jonathan Pim

    Technical Services Director, Manguard Plus.

  • “Sarah joined my team for a short contract to review personnel security policy. The result? A new personnel security manual including policy to processes and templates, a series of briefings to those who work in or interact with personnel security, a review of our insider risk maturity mapped to the NPSA assessment criteria and a road map to improve.”

    Nigel Furlong

    Senior Security Adviser, UKAEA

Let’s work together