
Communicate, Communicate, Communicate

Nothing is more basic than effectively communicating.

May 8, 2013

Nothing is more basic than effectively communicating. You can develop world-class policies, procedures and processes, but they must be effectively communicated. If no one has received any training on their individual roles, responsibilities and accountabilities relative to those guidelines, then those controls and systems are destined to fail.

The quality, frequency and effectiveness of training and awareness programs are key review elements utilized by many of the regulatory agencies, including OSHA, FDA, DOE, DOD, DHS, FAA, etc. We would be remiss not to mention that you do not want to forget about regulations that can really come back and bite you, such as FCPA.  The United States Federal Sentencing Guidelines also utilize a similar assessment of an organization’s training programs as part of the calculations utilized when determining the level and severity of sentences handed down by Federal courts. Of course, we can’t forget civil liability involved in legal actions. These civil actions typically result from instances where a company’s products or processes are linked to illness, injury or death of consumers, company employees, contractors and supply chain partners.

There are numerous formats and methodologies that can be utilized to develop and deliver training and awareness programs. These programs have evolved rapidly over the years. The most effective method of training used to be – some say it still is – direct one-on-one training. The other types of on-the-job methods involved watching and learning from someone who had mastered the process, or mere trial-and-error. Today’s computer-savvy society thrives in an environment where online training is delivered through Web-based interactive serious gaming for education programs. Obviously, the key to any training or awareness program is how well individuals are able to grasp the information being presented, retain that information and then act upon any requirements for which they are individually or collectively accountable or responsible.

How many of you have witnessed, or have been the recipient (victim) of, the fire-hose delivery of important information during the on-boarding process (many HR departments call it “New Hire Orientation”)?  This “check the box” mentality is frequently deployed by HR departments that are being measured on how quickly they are able to assimilate a new hire into the workforce. Further complicating things, many HR organizations have turned to internal subject matter experts (SME) to participate in “New Hire Orientation” to deliver key information relating to specific requirements that fall under the oversight of each SME’s organization. Once “New Hire Orientation” is completed, HR organizations typically leave it up to the hiring manager to sort out any issues and provide any enhanced training.  But the hiring manager probably went through a similar “New Hire Orientation” and may not have any greater grasp on many of the key policies or changes made to the company’s policies, procedures and processes over the years.

Many companies do little, if anything, relative to providing any level of training to temporary help personnel, on-site service providers, or other vendors that are allowed access to a company’s facility without an escort being required. With companies in-sourcing more and more services and functions, it is vital to address this important area of insider risk. When providing guidance to non-employees, it is important to engage your legal department in developing focused and targeted training and awareness materials to avoid co-employment issues arising later.

The most effective training and awareness programs that we have seen are those that approach the subject in a holistic manner. Training and awareness programs aren’t like Ron Popeil’s famous “Set it and forget it” rotisserie infomercial. Effective training programs are both ongoing and frequently updated to remain current and relevant. Consider requiring the passing of a test before allowing access to computer systems; utilizing changing awareness messages on screen savers; deploying quarterly or semi-annual training on key company policies, ethical standards and regulatory requirements to retain access to computer systems and/or physical security access control systems. In other words, BE CREATIVE and KEEP IT FRESH!!!!


 

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused on corporate security. Prior to founding SMR in 1997, Brennan enjoyed a 26-year career in domestic and international enterprise risk and security roles.

Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused on the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. He has more than 35 years of experience heading these programs at the executive level of three major multinational corporations and one mid-cap company in diverse industries.
