What do we mean when we talk about Security-Mindedness?
Security-Mindedness is a term you will hear across security disciplines. It is about encouraging business leaders, managers and practitioners to consider security across their organisations, the assets they own and the services they deliver, as well as in their projects and programmes.
This is especially relevant as we move into the digital age with more organisations needing to consider security than has traditionally been the case.
An organisation must first appreciate and recognise that security threats, vulnerabilities and the potential resultant risks are something it needs to consider and understand. Being security-minded is about then responding to these risks in a way that it appropriate and proportionate.
Security-Mindedness is generally undertaken with the aim of deterring and disrupting hostile, malicious, fraudulent and criminal behaviours or activities. However, the approach can also used by organisations to help to protect against loss of valuable commercial information, personal data and intellectual property.
Our approach to Security-Mindedness can be divided into 4 key stages:
1 - Recognise the threats
This relates to understanding the range of threats that could impact on:
- the safety, security and/or resilience of your organisation
- your personnel
- your assets
- your services
These threats could be terrorism, hostile actions by countries, commmerical espionage, organised crime, activists, lone actors, hackers and malicious insiders.
2 - Minimise the risks
The second stage is to develop and implement measures to mitigate those risks which exceed the risk appetite of your organisation. These measures should consider personnel, physical, and cyber security controls as well as measures to manage sensitive information which the organisation creates, acquires, processes and stores. The Security-Minded approach should also be underpinned by good governance, with accountability for the approach at the top management level of your organisation.
3 - Comply with policies and processes
Once the policies and processes are in place it is important that there is appropriate support to ensure their implementation. This includes developing a Security-Minded culture and undertaking proportionate levels of auditing and monitoring.
4 - Respond to incidents or breaches
Regardless of the measures in place it is possible that a security breach or incident could still occur. The final stage of the Security-Minded approach is to respond effectively and to identify and implement measures to reduce potential reoccurrence.
At NPSA we advocate for all organisations to adopt a Security-Minded approach. Using the processes and methodologies will help start conversations with decision makers about security and help your organisation to become more resilient.