- Community Home
- >
- Networking
- >
- Security e-Series
- >
- Management of Change
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2016 12:57 AM
09-20-2016 12:57 AM
Management of Change
Creating a security culture that sticks
Let’s start with a paradox: Without question, your most important weapon in the fight against cyber attacks is your workforce. Yet ironically, employees are considered the biggest risk potentially to IT security.
The trick to breaking this paradox is to raise awareness of security by combining compelling communication with engaging education and training that connects with your people on a personal level. It’s about thinking outside traditional methods to implement campaigns that embrace different cultures and the values of your organisation. It’s also about treating security awareness as a management of change process where you transition individuals, teams, and the entire organisation to a desired state. In this case, the desired state is a positive and sustainable security culture – transforming from a state of simply paying attention to security because it’s part of their job to one where security awareness is a natural part of everyday behaviours.
Make it personal
At HPE, we believe such change needs a committed investment of time, resources and ongoing effort to be truly impactful against current risks. We also understand that every company has a different security culture, heavily dependent on intercultural and individual aspects. That’s why our awareness campaigns are as individual as the company itself. And because we regard security as a management of change process, we focus very much on the internalisation of values and well as knowledge transfer. We believe it’s much more effective to engage with employees on an emotional level, understand what’s important to them, and align their values and existing corporate culture with a core set of security skills.
Think about it as being much more about employees recognising the risks in their daily work and less about drilling a list of ‘do’s and don’ts’ into them. They can then combine their understanding of risk with supportive behaviours on a personal level that contributes to the overall protection of your organisation.
Also in the fight against cyber crime, it’s crucial for IT Managers to think beyond mere technical tools to protect data. An effective and sustainable IT security system and culture works if it cuts across processes, hierarchies and roles. A clear view of the organisation, its culture and interdependencies means security awareness can be targeted at specific groups of employees, delivering a set of core security skills relevant to individual roles.
Be creative and cultural
Every person and organisation is different so for an awareness programme to be effective, it needs to be interactive, creative and dynamic – using a mixture of channels and approaches to address different regional and national cultures.
Equally, the more employees can apply their learning and embed their security culture outside of work the more it becomes a natural part of behaviour – in the way they use the internet and social media for example. This is by no means an easy task, primarily because it requires a fundamental shift in current patterns of behaviour and routines. But if you use a targeted individual and group approach to security awareness you’re much more likely to address real and current needs in both an employee’s working life and private life.
Responsibility, trust, communication and cooperation are the four cornerstones of an engaging security culture – and one in which your employees are motivated to play an active role. With the right approach, they can use both their successes and mistakes as opportunities to learn and improve, and by understanding what and how to protect security employees become your greatest allies in the war against cybercrime.