
How building trust can help ensure a company’s security

Written by Tomas Honzak


Ensuring a company’s security is a responsibility that rests on every employee, which is why building trust at every level of a company is such an integral part of a Chief Information Security Officer’s job. In a recent article I wrote for Help Net Security, I explained the substantial role that trust plays in an organization’s security framework, particularly the trust between a CISO, the management team, and all employees. That confidence must be present at two main levels:

  1. At the company level, everyone needs to trust that the framework and system that have been implemented are based on deep knowledge and an understanding of all the company’s business processes and technology.
  2. At the employee level, staff needs to realize that the CISO’s concern extends beyond protecting just the company to protecting the actual employee.

It can be tempting for employees to “go rogue”, to deviate from the provided framework for any number of reasons; perhaps they’re trying to meet a deadline, or they find that it’s easier to keep doing what they’ve been doing, or they feel the framework is theoretical. Only by trusting in the CISO’s skills and vision can those in the company truly understand that the security processes that have been put in place are thorough and account for their concerns. From management down to the sector level, all employees should feel confident that the security framework is based on solid insights and that when an issue arises, someone on the security team will help them figure out how to address it.

Building trust at the employee level is something I try to focus on every day, and these acts are essential. When breaches or other security issues occur, even if GoodData is not directly affected, I still want to provide guidance for our employees, make them aware of the risk they’ve been exposed to, and let them know their rights and the appropriate steps to take to mitigate that risk. In this way, they see how the security steps that they hear about are an important part of ensuring their own security as well as the company’s.

Security is an end-to-end process; it doesn’t stop when you close your office door. In the same way that I am committed to ensuring our employees’ security, I want them to ensure our security as well. If employees see that a CISO truly cares and is invested, that connection—in my opinion—is more valuable than any management presentations, tests, or training you can introduce.
