Embed Privacy and Security Culture Within Your Organization
Drive employee engagement with privacy and security via governance and process integration.
Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.
However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.
Our Advice
Critical Insight
To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.
Impact and Result
- Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
- Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
- Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
10.0/10
Overall Impact
10
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
TForce Holdings Inc.
Guided Implementation
10/10
N/A
10
Great high level understanding and next steps in related to privacy policies and processes.
Workshop: Embed Privacy and Security Culture Within Your Organization
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Determine Drivers and Engagement Objectives
The Purpose
- Understand the current privacy and security landscape in the organization.
Key Benefits Achieved
- Targeted set of drivers from both a privacy and security perspective
Activities
Outputs
Discuss key drivers for a privacy and security engagement program.
- Understanding of the role and requirements of privacy and security in the organization
Identify privacy requirements and objectives.
- Privacy drivers and objectives
Identify security requirements and objectives.
- Security drivers and objectives
Review the business context.
- Privacy and security engagement program objectives
Module 2: Align Privacy and Security With the Business
The Purpose
- Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.
Key Benefits Achieved
- Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives
Activities
Outputs
Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.
Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.
- Privacy and security objectives mapped to business strategic goals
Define the four organizational groupings and map to the organization’s structure.
- Mapped organizational structure to Info-Tech’s organizational groups
- Framework for privacy and security engagement program
- Initial mapping assessment within Privacy and Security Business Alignment Tool
Module 3: Map Privacy and Security Enablers to Organizational Groups
The Purpose
- Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.
Key Benefits Achieved
- Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture
Activities
Outputs
Define the privacy enablers.
Define the security enablers.
- Completed Privacy and Security Engagement Charter.
Map the privacy and security enablers to organizational structure.
Revise and complete Privacy and Security Business Alignment Tool inputs.
- Completed Privacy and Security Business Alignment Tool.
Module 4: Identify and Select KPIs and Metrics
The Purpose
- Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.
Key Benefits Achieved
- End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.
Activities
Outputs
Segment KPIs and metrics based on categories or business, technical, and behavioral.
Select KPIs and metrics for tracking privacy and security engagement.
Assign ownership over KPI and metric tracking and monitoring.
- KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth
Determine reporting cadence and monitoring.
- Completed Privacy and Security Engagement Playbook
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Define Privacy and Security in the Context of the Organization
- Call 1: Scope requirements, objectives, and your specific challenges.
- Call 2: Align business goals and strategic objectives with privacy and security.
Guided Implementation 2: Map Your Privacy and Security Enablers
- Call 1: Align business goals and strategic objectives with privacy and security, continued.
- Call 2: Identify privacy and security behaviors for each business group.
Guided Implementation 3: Identify and Track Your Engagement Indicators
- Call 1: Identify and select your privacy and security engagement metrics and reporting structure.
- Call 2: Establish your metric owners, reporting procedures, and cadence.
Contributors
- Tom Pendergast, Writer, Security and Privacy Awareness Specialist, Speaker
- Steve Stadler, Senior Program Manager, Privacy, Ancestry
- Robert J Toogood, Subject Matter Expert in Digital Risk
Assess Your Cybersecurity Insurance Policy
Achieve Digital Resilience by Managing Digital Risk
Combine Security Risk Management Components Into One Program
Prevent Data Loss Across Cloud and Hybrid Environments
Build an IT Risk Management Program
Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan
Develop and Deploy Security Policies
Fast Track Your GDPR Compliance Efforts
Build a Security Compliance Program
Embed Privacy and Security Culture Within Your Organization
Establish Effective Security Governance & Management
Improve Security Governance With a Security Steering Committee
Develop Necessary Documentation for GDPR Compliance
Reduce and Manage Your Organization’s Insider Threat Risk
Satisfy Customer Requirements for Information Security
Responsibly Resume IT Operations in the Office
Master M&A Cybersecurity Due Diligence
Integrate IT Risk Into Enterprise Risk
Present Security to Executive Stakeholders
Deliver Customer Value by Building Digital Trust
Address Security and Privacy Risks for Generative AI
Protect Your Organization's Online Reputation
