Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

The importance of the human element of security

5 steps to create an effective, collaborative cybersecurity team

By Jim Nitterauer
human-security-freepik1170x658.jpg
June 10, 2022

Security is more than a technical problem. It’s also a problem that includes having the right people to implement and follow the right processes. A company’s security technologies should make people’s lives easier — from C-suite to the line of business employees — because everyone has a shared security responsibility. For many IT teams, complex and time-consuming security tools can feel overwhelming, leaving them unable to use all the features and functionalities that would allow them to manage security more effectively. 


Purposeful collaboration is fundamental to getting security right. To create this sense of community, security teams need to regularly engage employees, inform leadership, and demonstrate organizational value.


Know the Environment —  Digital and Regulatory

Changes in workforce models and customer expectations make security and security teams increasingly important to all organizations. 


Users expect digital interactions, but they also want organizations to limit data collection. Users have higher security and privacy expectations today. Further, when companies fail to meet these expectations, customers are willing to turn to competitors. 


Second, more governments are passing privacy legislation directly related to customer demands, and since the enforcement of the General Data Protection Regulation (GDPR) in 2018, more legislatures have enacted privacy laws. In the US alone, in 2022, at least four more states — Virginia, Colorado, Utah, and Connecticut — will enact new privacy laws. 


Finally, successful cybercrimes are easier to commit than bank robbery, and they are financially more lucrative. Cybercriminals recognize this, embracing Ransomware as a Service (RaaS) business models. This allows them to make more money stealing and selling data or holding it for ransom. 

 

Understanding Context

Collaboration starts with education, which goes beyond the annual security awareness training. Just like people know that they must be aware of their physical surroundings, they need to be aware of their digital surroundings. Security leaders need to think outside the compliance checkbox and work to create a more sustainable approach to security and situational awareness. 


In cybersecurity, situational awareness is about understanding normal tasks and daily workflows. Then, people can recognize events outside of that normal. Whether working on a computer, reading emails, talking on the phone, or interacting face-to-face, people must be cognizant of their digital surroundings in order to recognize suspicious requests and interactions.

 

How to Create an Effective, Collaborative Cybersecurity Program

Most activities in cybersecurity fall under the “easier said than done” category, but using the best team-building practices makes it easier. 

 

1. Understand Different Perspectives

The first step is to pose these two simple questions to everyone in the organization:

  • Do you see any risks that the company’s not addressing?
  • How do you think we should fix those problems? 


The first question provides visibility into new risks since people in different roles see risk differently. The second question reduces risk by getting people to feel ownership over creating and following processes.

 

2. Assign Clear Responsibilities

People need to know how the organization defines its responsibility from the following perspectives:

  • Operational
  • Ownership
  • Compliance 
  • Security 


Mature companies often have these roles and responsibilities clearly defined. Organizations should create these definitions as soon as possible because waiting until the company “gets big enough to need it” leads to technical liability. 


3. Start with Critical Teams

Organizations don’t need to transform everything all at once because that can be overwhelming. It’s easier to start with one critical team to:

  • Develop well-defined roles 
  • Implement segregation of duties
  • Define operational and compliance responsibilities

 

4. Self-Assess People, Processes, and Controls

Conduct routine self-assessments to ensure people follow processes and document compliance with internal controls. 


Monitoring user access can show holes in processes and potential points of improvement. Documentation, such as through logging, proves that the controls are operating effectively for the compliance team. 

 

5. Name Security Ambassadors

Security ambassadors don’t need to be technical. These people care about security and feel a sense of ownership over it within their teams, helping to identify risks and implement controls. Then, the IT or security team can use technology to document whether the controls are working. 


Access management is a perfect example of this. Managers best understand the access their employees need. The definitions and decisions aren’t technical. 

 

Remember the Human Element

Security starts with people, and technology should support them effectively. By starting with people, security and IT teams can find that many of their currently deployed tools give them what they need to build a collaborative cybersecurity program. 


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: C-Suite cybersecurity cyber security employee training ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jimnitterauer head shot

Jim Nitterauer is the Director of Information Security at Graylog.  He holds the CISSP and CISM certifications in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology from the University of Alabama. He is well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 25 years. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Glowing blue fibers in darkness

    Verizon 2024 Data Breach Report shows the risk of the human element

    See More
  • Keys to Employee Cybersecurity

    The Human Element of Cybersecurity

    See More
  • 5 mins with

    5 minutes with Matt Voska - The importance of in-office security guards

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing