Information security is more than an IT issue – it is an integral aspect of the effectiveness and success of an organisation, helping gain consumer trust and enabling the business to profit from new business channels. Yet, the value of information security continues to be overlooked and awareness at all levels within an organisation remains limited. In order to ensure an organisation is secure, perceptions of information security need to be changed. The board needs to be persuaded of its value. Users need to understand the consequences of their actions. All aspects of the business need to be engaged, including third parties, and information security’s goals need to be aligned with the overall business objectives and those of individual departments and business functions.
But how do you do this? How should information security be structured? How do you ensure that information security is a business enabler? How do you communicate risk across the business to get buy-in – both financial and cultural? How do you engage the whole enterprise and the extended enterprise in information security and build awareness? How do you break outside the compliance agenda and work differently with the business to drive innovation and change?
These questions and more will be addressed and you will:
- Understand how to drive and manage cultural change so the business recognises the value of data and information
- Navigate the challenges of changing behaviour within an organisation to drive awareness and get buy-in from the individual. Should you use the carrot or the stick? What does an effective, low-cost, high-impact awareness programme look like?
- Acquire insight into how to communicate increasingly complex threats, risk and performance to the business to secure buy-in and investment
- Find out how to use security metrics to send the right message to the decision-makers and budget holders