'Blazing Saddles'
A couple of weeks back, I was privileged to be invited as a friend of Scotwork to attend ‘The HR Directors Business Summit’ in Birmingham, UK.
The opening of the 3 day event was headlined by ‘Howard Webb MBE’ who introduced us to his life as a professional referee and his personal experiences at club level, country level and refereeing the final of the last World Cup. He explained that throughout his career he was asked to draw upon all of his skills, expertise and knowledge, and within a matter of seconds conclude a decision that would ultimately come from his ‘Gut’.
Imagine deciding the difference between a free kick or a penalty in front of 1 billion viewers watching his hand reaching for either a card or pointing to the penalty spot – Oy Vey!
HR people are typically not my first port of call to be perfectly honest, surrounding Information Security and Cyber Security, however, the opportunity to understand their roles and responsibilities gave me ample insight and awareness to dot the i’s and cross the t’s. – HR and I.T do talk with one another.
People collaborate with People. People engage with Like Minded People.
Take for example a scenario whereby there’s been an internal breach such as a ‘Phishing Attack’, commonly stemming from clicking on what looked like a bonafide and genuine link as part of the email. Once it’s been clicked it’s too late, the hackers are now on the inside of your company’s network and use the entry point as the host to cast their attack of malicious ‘Ransomware’.
Both IT and HR will call upon one another’s team of experts, to mitigate the risks of exposure of the individual and/or the company and investigate whether the attack was internal or external.
There lies the collaboration, There lies the opportunity.
If you’re planning a security improvement programme or a new strategy of your cyber security, my advice would be talk with HR, their input could be of more value than you thought and be the trigger to empower you to trail blaze the saddles.
Jonathan Posner
Cyber Security Enterprise Account Manager
Security Strategist, Security Evangelist, Business & Career Mentor
9 年Jonathan Posner you're very right to call this out, and there are a number of ways that HR and Infosec should always be collaborating in any organisation that aims to be highly functional and mature as far as IT governance is concerned. Infosec policies are all about the human side of security and privacy and need to kept synched with HR onboarding, enablement and exit processes. Such policies usually lay out what is expected of an employee and even under what situations a serious breach of policy might be grounds for staff performance review, and in the most heinous breaches dismissal. Of course HR ought not be the stick which we wave at staff in support of Infosec's goals - as you very rightly say they are a vital team member to help ensure that staff are protected from personal impact in the case of a data leak. Hopefully they also know a bit about training, and can be a supportive part of making sure that Infosec related awareness raising is successful. Lastly, they are also part of the staff provisioning and deprovisioning workflow, knowing as they do of the hiring, promotions, transfers and exist of (at least permanent) employees. Thank you for raising this important topic.
Commercial negotiation consultant and skills trainer.
9 年Jonathan makes a great point. Business needs to work together internally across many often misaligned functions. Negotiating better within as well as outside the business will help. Put the right protection in place first of course.
Creditable - The Trade Credit Company
9 年Jonni. Thanks for this. You are right in that HR is not generally seen as 'adding value' (!) to Cyber Security matters. What we learnt last week was that quiet the opposite is true and that HR should be an involved party, not just as a post event (breach) participant, but also as a key player in the ongoing prevention by training and development of employment contract details. Like the reference to 'blazing Saddles' - one of the original laugh out loud films of my youth!!