Many companies use information security teams to manage and implement information security measures within the organization, and this practice is pretty standard. But aside from security teams, companies can also use Security Champions.
Security Champions are not part of the security team, but they enrich their respective teams/departments with information security knowledge and leadership that they provide to the other team/department members. This translates into a more integrated company that is better prepared for today’s information security landscape.
This article will detail a six-step checklist for the information security environment within an organization. If you can apply these steps to your organization, then you will have a solid start at a Security Champions program.
1. Identify Security Champions
There are a few different ways to identify Security Champions within your organization. The first is by providing a survey to members of all teams in the organization. Include questions about their general information security proclivity, followed by questions narrowing down their strengths and skills within the information security sphere.
Another great way to identify Security Champions is to incentivize the responsibility. Some ideas of incentives include free lunches, preferred parking spots and a slight pay raise (where budget allows). Extra incentive on the job is a good way to coax engagement out of the most reluctant of employees.
You can also regularly monitor employees while keeping an eye out for ones with an affinity for security. Employees typically lean towards their interests on the job, and information security is no exception. For example, if you see someone in accounting advising a co-worker about avoiding a phishing scheme or hear a marketing team member speaking knowledgeably about a recent ransomware attack, then you have possibly found a Security Champion. Sometimes employees will even self-identify as a Security Champion. If you do notice someone ...
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/LG5YP15ZTZg/