
Organisational success relies on the relationship it has with its people (staff, contractors, stakeholders, suppliers and customers).
Good business relationships are secure and built on trust, where staff feel safe from threats and danger, and the organisation has the right processes and environment in place to support staff to do the right things. When that trust and relationship breaks down, insider risk occurs.
Security begins within
Physical, cyber and technical security are the visible artifacts of a secure environment.
Personnel security is the embodiment of a psychological security contract to establish trust between the organisation and the individual, determining how staff think, feel and act. This is why security begins within, both at organisational and individual levels.
Circle of trust
Managing the trust you give people requires an enterprise-wide approach that coordinates strategic, operational, management and security controls to identify, mitigate and recover when the breakdown of that trust leads to insider risks at every stage of the employee life-cycle.
It can be helpful to think of this as a circle of trust, where you identify controls that help establish, enable, maintain and regain trust throughout the employee lifecycle.
Establish trust
Initiate trust in the relationship by:
- Making strategic insider risk assessments by understanding the organisational threat landscape.
- Asset and role-based security assessments to identify potential insider risks.
- Risk-based pre-employment screening for all personnel.
Enable trust
Empower the individual to think, feel and act in a security-minded way by:
- An induction programme outlining employee expectations.
- Governance, policy and process for managing and monitoring insider risks.
- Forming strategic insider risk working groups to set thresholds, define terms, and track risk trends.
- An organisational and security culture that supports expected behaviours.
Maintain trust
Sustain trust with staff who have more responsibility by:
- Security awareness training for line managers.
- Employee Assistance Programmes and speak-up channels.
- Protective monitoring aligned to key business and security risks.
- A movers strategy, providing assurance for staff moving into higher-risk roles.
- Ongoing security, education and awareness programmes.
Regain trust
Address staff misconduct at an individual level and prevent future harm to the organisation by:
- Risk and audit programmes for compliance, insider threats, and mitigation recommendations.
- Consequence management: clear disciplinary policies.
- Ethical investigations: confidential, fair, and transparent.
- Testing policies and assigning ownership.
- Targeted interventions to reduce repeat incidents.
- Exit strategies to remind the individual of any ongoing obligations.
- Communication strategies following major insider risks to redress staff confidence.
Key services
The most impactful defence for insider risk is often about making better use of existing controls (security and non-security) in a more coordinated and structured way. Au Security can help your business through a range of services.
- Get teams across your organisation up to speed on what insider risk and personnel security are, and what needs to be done to create a circle of trust programme.
- Workshops helping you understand why and where your organisation carries insider risk.
- Consultancy-led asset and role-based insider risk assessments.
- Help your organisation understand its current level of insider risk maturity, identify gaps in your current security setup, and create a mitigation plan that coordinates and strengthens existing controls.
- Build knowledge and resilience across your organisation through bespoke workshops covering all activities in the circle of trust programme.
- Working alongside your organisation as your insider risk programme matures to provide benchmarking assurance and critical friend roles.
