How do you build a security-focused culture within IT?

People & LeadershipStrategy & ArchitectureSecurity & GRC+1 more
1.2k views1 Upvote3 Comments
no title, Self-employed
It's a culture shift you have to create by educating people on what it is that you're actually doing. I've found that when we set up something new, a lot of people ask us questions about what we're doing. The first thing they want to know is basically if the company is watching what they post on social media or what they buy on Amazon. They don’t understand that's the least of my worries. My worries are, “Did you accidentally send out something with a bunch of PII to someone you shouldn't have sent it to?” Those are the real concerns, things that create liability for the company, because our entire job is to enable the company to securely be productive. So I think that's the first thing is to get everyone on board and explain what we're looking to do and what we're trying to protect against. This isn't about a big brother situation. I always tell people, "What you do on your computer is a productivity situation between you and your manager. What we do to secure the endpoint, is to protect the company." I like to impress that upon people.
Vice President, IT & Systems in Software, 1,001 - 5,000 employees
Security should be part of everyone’s job responsibilities within IT. Right when people join, mandatory information security training should make this part of their DNA. We showcase the partnership and joint goals between security and IT operations teams. This brings in joint responsibility whether it’s onboarding, ticket management, vulnerability fixes, incident and change management, internal IT audits etc. as part of shared responsibility and training. I think everybody within IT should feel that they are contributing to security overall to build a security focused culture within IT.
1
Director of IT in Transportation, 5,001 - 10,000 employees
training, education and constant use of products
1

Content you might like

Do you plan to deploy security containers in the next 6-12 months?

Security & GRC

Yes68%

No32%


218 PARTICIPANTS
877 views1 Comment

My organization’s plans to return to the office in 2022 will be postponed.

People & LeadershipProcess ManagementAvailability & Capacity Management

Strongly Agree10%

Agree59%

Neither Agree nor Disagree16%

Disagree10%

Strongly Disagree5%


224 PARTICIPANTS
609 views

What technology solution are you using for your employee experience platform?  How does it integrate with your HCM solution and intranet solution?  Any do's and don'ts, lessons learned to share?

Applications & PlatformsPeer InsightsStrategy & Architecture
354 views2 Comments

What are some great on-prem and SaaS programs for internal PKI and Certificate Life Cycle Management? 

Applications & PlatformsSecurity & GRC
Read More Comments
1.7k views1 Upvote2 Comments

How does your company handle AD accounts after a person leaves the company?  We have been changing the passwords, disabling them, and moving them to a separate OU, but I'm interested to hear if you do anything else.

Security & GRC
Product development engineer in Manufacturing, 201 - 500 employees
whattt
Read More Comments
853 views2 Comments