Information security (IS) and/or cybersecurity (cyber) are more than just technical terms. They’re the processes, practices and policy that involve people, services, hardware, and data. In particular, IS covers how people approach situations and whether they are considering the “what if’s” of malicious actors, accidental misuse, etc.

I’m not sure about your operations teams, but no one in any of mine, myself included, were able to read minds. Therefore, in order to maintain the secure practices built into our policies and procedures, people from other teams needed to be able to read and understand the why of these practices.

We needed to recognize how to be more secure and what actions were considered to be of higher risk within our daily interactions with data, systems, and people. Whilst it was the operations team’s role to train these consumers, it was ultimately the responsibility of every single employee to practice those secure actions.

Within your organisation, you may have read security awareness documentation, attended some training, or even participated in simulations. These are all part of building an understanding of security. Consider it as training for your role just like any other schooling, certifications, lectures, etc. that you may have taken to get the job you’re in.

When you’re unsure about an action to take or process to follow for your everyday job, consider this the same thing. Contact your line manager and ask for resources, training, and support. When reviewing your documentation and procedures, check whether they have security in mind and whether have they been reviewed by IS/cyber operations.

Your role as a member of the IS/cyber defense team is to recognize that the daily interactions you have across the organization—be it human to human, human to system, or system to system—are a part of this role. How can (Read more...)