1st Edition

Security Culture A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

By Hilary Walton Copyright 2015

    Security Culture starts from the premise that, even with good technical tools and security processes, an organisation is still vulnerable without a strong culture and a resilient set of behaviours in relation to people risk. Hilary Walton combines her research and her unique work portfolio to provide proven security culture strategies with practical advice on their implementation. And she does so across the board: from management buy-in, employee development and motivation, right through to effective metrics for security culture activities. There is still relatively little integrated and structured advice on how you can embed security in the culture of your organisation. Hilary Walton draws all the best ideas together, including a blend of psychology, risk and security, to offer a security culture interventions toolkit from which you can pick and choose as you design your security culture programme - whether in private or public settings. Applying the techniques included in Security Culture will enable you to introduce or enhance a culture in which security messages stick, employees comply with policies, security complacency is challenged, and managers and employees understand the significance of this critically important, business-as-usual, function.

    Chapter 1 Introduction; Chapter 2 What Is Security Culture and People Risk? Why Are They Important?; Chapter 3 Building the Business Case for Security Culture and People Risk Management: Getting Senior Level Buy-in and Commitment; Chapter 4 Assessing Security Culture; Chapter 5 How to Improve Security Culture: Intervention Toolkit; Chapter 6 How to Prioritise What to Do Next; Chapter 7 Metrics: Measuring the Impact on the Organisation; Chapter 8 Case Studies; cs1 Case Study 1: Olympic Delivery Authority; cs2 Case Study 2: A Large Company Supplying Vital Services; cs3 Case Study 3: A Small Start-Up; cs4 Case Study 4: A Government Organisation; cs5 Case Study 5: Risk Management Culture; cs6 Case Study 6: Learning the Hard Way;

    Biography

    Hilary Walton is an Organisational Psychologist and works for Airways, New Zealand’s air navigation service provider, as their Resilience and Continuity Manager. She provides advice to ensure that critical business processes across the organisation are sufficiently resilient to continue operating effectively. This includes activities such as oversight of security, change management, business continuity planning, software assurance and safety change processes. She has also worked for the Olympic Delivery Authority (ODA) where she helped to implement culture change and had privacy and data protection responsibilities. Hilary formerly led a Security Culture project for a UK Government security authority before working for the Olympics. She is a Chartered and HPC registered senior Organisational Psychologist with consulting experience in both the United Kingdom and Australasia. She has worked within both private and public organisational settings, ranging from the Royal New Zealand Air Force through to large government clients and telecom organisations.

    ’In 15 years I have read hundreds of security books. Seldom have I read a book with such ambition and scope, impeccable sources, and grasp of what’s possible and practical - and what’s not - in the business of security management. Any serious security managers wanting to make things happen in their workplaces should open this book.’ Mark Rowe, Editor, Professional Security Magazine

    'Walton combines her academic and theoretical expertise with rich and, almost certainly, unique experience of delivering successful security culture programmes under very challenging circumstances. She offers a precious insight into the world of personnel security and the human factor, and, in doing so, provides a priceless menu of highly practical tips and advice. This is a must-read for anyone serious about security.' Stephen Cooper OBE, former Head of Security, Olympic Delivery Authority

    ’One of the least understood but most important skills of business management is that of people security. This book demonstrates that there is no point building a digital or physical fortress if staff don't understand the value of security. The author is a respected expert who has not only helped devise security culture programmes, but has also put it into practice in high profile environments. An essential read for senior executive teams, human resources managers and security teams.’ Chris Phillips, Former Head of the UK's National Counter Terrorism Security Office (NaCTSO); currently the Director of International Protect and Prepare Security Office (IPPSO)