Worried That Compliance Isn’t Enough

Worried That Compliance Isn’t Enough?

A common complaint of CISOs is that employees know what to do but they just don’t do it

Awareness of rules and best practice fails to produce effective follow-through when it comes to security behaviours, whether it’s exercising caution around emails, locking screens when leaving computers unattended, or shredding documents before they go to recycling.

People aren’t always the problem…

It’s easy to state the problems the ‘human factor’ presents for business but we need to understand the context which perpetuates non-compliant behaviours. That context is always cultural.

…they can be the solution, if there’s a security culture supporting them

It’s possible to have the impression of compliance but a reality that falls far short of providing an effective response to risks faced by the business. In other words, people know what to do, they show that they know what to do in annual tests, but awareness isn’t translating into behaviours, corners are being cut and people are bypassing secure procedures. Worse, they might talk of those procedures as being “a pain”, “a waste of time”, “a barrier to getting the job done.” Altogether this is a detrimental ‘shadow’ security culture that is working counter to compliance.

We might view compliance as being the basics and doing what you’re told – it’s reactive. Security culture change is bigger, it’s holistic and much more dynamic. Colleagues engage their values and they interact with each other. They understand the risks and take responsibility and initiative – it’s proactive.

Create a security culture people take pride in being a part of

In the next webinar in our People in Security series, we’re looking at compliance, culture and how to develop both in order to mitigate people risks.


Details of the webinar

TITLE: Minimise Risk – using people to prove compliance

HOSTS: Sarah Janes (Managing Director) and Amanda Price (Creative Director – Operations)

WHEN: Thurs 8th March 2018 at 11.00am-11.30am


Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email


View our other posts and insights

Scroll to Top