Get Instant Access
to This Blueprint

Security icon

Embed Privacy and Security Culture Within Your Organization

Drive employee engagement with privacy and security via governance and process integration.

Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.

However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.

Our Advice

Critical Insight

To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.

Impact and Result

  • Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
  • Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
  • Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.

Embed Privacy and Security Culture Within Your Organization

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a culture of privacy and security at your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Define privacy and security in the context of the organization

Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.

2. Map your privacy and security enablers

This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.

3. Identify and track your engagement indicators

This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.


Onsite Workshop: Embed Privacy and Security Culture Within Your Organization

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Determine Drivers and Engagement Objectives

The Purpose

  • Understand the current privacy and security landscape in the organization.

Key Benefits Achieved

  • Targeted set of drivers from both a privacy and security perspective

Activities

Outputs

1.1

Discuss key drivers for a privacy and security engagement program.

  • Understanding of the role and requirements of privacy and security in the organization
1.2

Identify privacy requirements and objectives.

  • Privacy drivers and objectives
1.3

Identify security requirements and objectives.

  • Security drivers and objectives
1.4

Review the business context.

  • Privacy and security engagement program objectives

Module 2: Align Privacy and Security With the Business

The Purpose

  • Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.

Key Benefits Achieved

  • Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives

Activities

Outputs

2.1

Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.

2.2

Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.

  • Privacy and security objectives mapped to business strategic goals
2.3

Define the four organizational groupings and map to the organization’s structure.

  • Mapped organizational structure to Info-Tech’s organizational groups
  • Framework for privacy and security engagement program
  • Initial mapping assessment within Privacy and Security Business Alignment Tool

Module 3: Map Privacy and Security Enablers to Organizational Groups

The Purpose

  • Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.

Key Benefits Achieved

  • Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture

Activities

Outputs

3.1

Define the privacy enablers.

3.2

Define the security enablers.

  • Completed Privacy and Security Engagement Charter.
3.3

Map the privacy and security enablers to organizational structure.

3.4

Revise and complete Privacy and Security Business Alignment Tool inputs.

  • Completed Privacy and Security Business Alignment Tool.

Module 4: Identify and Select KPIs and Metrics

The Purpose

  • Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.

Key Benefits Achieved

  • End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.

Activities

Outputs

4.1

Segment KPIs and metrics based on categories or business, technical, and behavioral.

4.2

Select KPIs and metrics for tracking privacy and security engagement.

4.3

Assign ownership over KPI and metric tracking and monitoring.

  • KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth
4.4

Determine reporting cadence and monitoring.

  • Completed Privacy and Security Engagement Playbook

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Drive employee engagement with privacy and security via governance and process integration.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Define Privacy and Security in the Context of the Organization
  • Call #1 - Scope requirements, objectives, and your specific challenges.
  • Call #2 - Align business goals and strategic objectives with privacy and security.

Guided Implementation #2 - Map Your Privacy and Security Enablers
  • Call #1 - Align business goals and strategic objectives with privacy and security, continued.
  • Call #2 - Identify privacy and security behaviors for each business group.

Guided Implementation #3 - Identify and Track Your Engagement Indicators
  • Call #1 - Identify and select your privacy and security engagement metrics and reporting structure.
  • Call #2 - Establish your metric owners, reporting procedures, and cadence.

Author(s)

Alan Tang

Logan Rohde

Contributors

  • Tom Pendergast, Writer, Security and Privacy Awareness Specialist, Speaker
  • Steve Stadler, Senior Program Manager, Privacy, Ancestry
  • Robert J Toogood, Subject Matter Expert in Digital Risk
Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019