The Relationship Between Roles: Human Resources And Information Security | HR Is The Organization's Communications Super Glue | Redefining Security Culture With Dora Ross, Global Security Culture Specialist

ITSPmagazine Podcast

English - March 16, 2021 18:30 - 33 minutes - 31 MB - ★★★★★ - 15 ratings
Technology education internet business computers digital transformation future technology innovation science hacking Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Compliance Is Not Security | A Conversation With Compliance Guru, AJ Yawn | Tech Done Different With Ted Harrington

Next Episode: Improving Life Through Smart Buildings — How Technology Can Bridge The Gaps We've Created At Home, At Work, And While Shopping | A Cyber Society Conversation With Todd Boucher

The human resources department within any organization is well-positioned to feel the pulse and monitor a company's culture—teams, divisions, and the organization as a whole. Because of this, it could be the ideal ally to the InfoSec team. But is it? Let's find out.

Consider the lifecycle of an employee. The initial company awareness, gaining familiarity with its brand, exploring its job opportunities, moving on to the next role, all the way to retirement—or perhaps even getting fired. Of course, there's everything in-between as well, including annual performance reviews, salary and compensation discussions, workplace behavior and related training, ongoing education, promotions, and more.

At each stop along their journey and throughout each of the phases within the candidate/employee journey, HR has an opportunity to help shape the company's culture by reinforcing fundamental principles, operational ethics, and the related policies and actions. Just as we should be baking information security into the products—as early, and as often as possible—we should follow this same model for building our workforce and the company culture in which they exist.

There's an opportunity for InfoSec and HR to collaborate to present and discuss the value of good information security hygiene: using a password manager, connecting through a VPN, paying attention to potential leaks or loss of data, and thinking critically during a security awareness training event—these are just a few examples.

The importance of security shouldn't begin once the person becomes an employee; the organization can demonstrate their investment in InfoSec well before the jobs are posted and the interviews start.

On the other side of the equation, there's an opportunity to maintain security and safety for the organization by encouraging a now-former employee to continue to carry with them the lessons they've learned as they move on to another company or retire into the sunset.

Easy to say, but is it that simple? How are HR departments holding on with all the new responsibilities piling up on their desk lately? Can they take one more role without a fundamental redefinition of their role within a company?

There's so much to be gained here. This is definitely a conversation worth listening to, especially if you are in HR, InfoSec, or are an employee (I think that captures everyone, doesn't it?).

Enjoy!

NOTE: This episode is part of our "Building Better Security Relationships" series. Catch the last episode with Legal Counsel here: http://itsprad.io/redefining-security-411

Guests
Dora Ross, Global Security Culture Specialist

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988

HITRUST: https://itspm.ag/itsphitweb

Key Resources: https://itspm.ag/keyresources-2876

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships