Critical Components of Implementing a Successful Security Champions Program

Organizations focused on creating a security culture are looking for new, innovative ways to create security awareness and inspire employees at all levels to take ownership of security. One of the strategies that they are adopting is a security champions program.

While the idea is not new — some leading enterprises have had these programs for at least a decade — Gartner predicts that the number of organizations with a security-champion strategy will grow from 10 percent in 2017 to 35 percent in 2021. Among the reasons that drive this growth are the low cost, a potentially high return on investment and the overall effectiveness of the program.

While many companies launching this program are in the tech sector, organizations of all sizes and from any industry can benefit from having security champions. By creating a network of employees who can serve as a conduit for information dissemination, you’re adding another layer for communicating your security objectives. At the same time, you create an open dialogue with the security team and strengthen your security culture by giving others in the organization ownership of security.

Do you need to adopt a security culture before you can have a successful champion program, or do you create a security champion program so you can build a security culture? This may seem like a chicken-or-the-egg question. The simple answer is that the two are intertwined and you may be building the two in tandem.

You may not have a strong security culture yet — that’s why you need security champions after all, right? But at the very least, the organization’s leadership needs to understand why there’s a need for a cultural change and be willing to support the strategies you’re proposing for creating that change. And vice versa: you could likely achieve a security culture without (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/i7Ur6V2-fPU/