Organisational success relies on the relationship an organisation has with its people (staff, contractors, stakeholders, suppliers and customers).

Good business relationships are secure and built on trust, where staff feel safe from threats and danger, and the organisation has the right processes and environment in place to support staff to do the right things. When that trust and relationship breaks down, insider risk occurs.

Security begins within

Physical, Cyber and Technical security are the visible artifacts of a secure environment.

Personnel security is the embodiment of a psychological security contract to establish trust between the organisation and the individual, determining how staff think, feel and act. This is why security begins within, both at organisational and individual levels.

Circle of trust

Managing the trust you give people requires an enterprise-wide approach that coordinates strategic, operational, management and security controls to identify, mitigate and recover when the breakdown of that trust leads to insider risks at every stage of the employee life-cycle.

It can be helpful to think of this as a circle of trust, where you identify controls that help establish, enable, maintain and regain trust throughout the employee lifecycle.

Establish trust

 Initiate trust in the relationship by:

  • Making strategic insider risk assessments by understanding the organisational threat landscape. 

  • Asset and role-based security assessment to identify potential insider risks.

  • Risk-based pre-employment screening for all personnel.

Enable trust

Empower the individual to think, feel and act in a security-minded way by:

  • Induction program outlining employee expectations.

  • Governance, policy and process for managing and monitoring insider risks.

  • Forming strategic insider risk working groups to set thresholds, define terms, and track risk trends.

  • An organisational and security culture that supports expected behaviours.

Maintain trust

Sustain trust with staff who have more responsibility by:

  • Security Awareness training for Line Managers.

  • Employee Assistance Programmes and Speak up channels.

  • Protective monitoring aligned to key business and security risks.

  • Movers strategy to provide assurance for staff moving into higher-risk roles.

  • Ongoing security, education and awareness programmes.

Regain trust

Address staff misconduct at an individual level and prevent future harm to the organisation by:

  • Risk & audit programs for compliance, insider threats, and mitigation recommendations.

  • Consequence management - Clear disciplinary policies.

  • Ethical investigations: Confidential, fair, and transparent.

  • Test policies & assign ownership.

  • Targeted interventions to reduce repeat incidents.

  • Exit strategies to remind the individual of any ongoing obligations.

  • Communication strategies following major insider risks to redress staff confidence.

Key services

The most impactful defence against insider risk is often to make better use of existing controls (security and non-security) in a more coordinated and structured way. Au Security can help your business through a range of services.

  • Get teams across your organisation up to speed on what insider risk and personnel security are, and what needs to be done to create a circle of trust programme

  • Workshops helping you understand why and where your organisation carries insider risk

    Consultancy-led asset and role-based insider risk assessments

  • Help your organisation understand its current level of insider risk maturity, identify gaps in your current security setup, and create a mitigation plan that coordinates and strengthens existing controls

  • Build knowledge and resilience across your organisation through bespoke workshops covering all activities in the circle of trust programme

  • Working alongside your organisation as your insider risk programme matures to provide benchmarking assurance and critical friend roles

  • “I wholeheartedly endorse Sarah Austerberry’s recent presentation on "Strategic Risks, Hidden in Plain Sight – The Insider" as one of the most compelling and insightful contributions to the field.”

    Garry Bergin, Chair, ISRM Ireland Chapter

  • “Sarah's ability to blend advanced concepts with practical solutions was truly enlightening. Her contribution has left a lasting impact on my approach to security management, solidifying her status as a leading expert in the field.”

    Jonathan Pim, Technical Services Director, Manguard Plus.

  • “Sarah’s extensive experience shone through as she adeptly discussed the nuances of creating effective strategic security programmes and the critical role of insider risk management.”

    Ross Harvey

Let’s work together