How is your security? Companies are increasingly exposed and vulnerable to external as well as internal security threats. Threats can be aimed at people, IT systems, processes, information and assets of importance to the company, and such threats can place both corporate finances and reputation at stake.
As a consequence, many companies already work with security in the form of policies and contingency plans, IT security and physical security measures. These are good first steps, but they are not always sufficient. Security must be integrated in the working routines and culture of your organisation. Otherwise, the effects of these steps will be limited and there is a risk that your security investments are going to waste.
It requires a concerted effort to create the necessary security awareness among employees and to ensure behaviour, which does not expose the company and individual employees to unnecessary risks. CERTA can help clients develop a security culture which ensures that your efforts are successful and increase the organisation’s robustness, with benefits for the entire company.
CERTA Intelligence & Security works to strengthen the security culture in companies. A sound security culture is realised when a thorough understanding of the company’s values, vulnerabilities and risks permeates the entire company. Where a good security culture is present, actions and approaches that support security and safety are prioritised and considered a natural part of the company’s business operations.
CERTA has developed an approach for its work with security culture, which draws on tools from organisational development along with change and security management.
The approach includes five elements:
The individual elements support each other, but they can be weighted differently, depending on the company’s concrete needs. CERTA can assist during all or select phases and offers all-encompassing solutions, as well as specific services and assistance.
It is our experience that a good security culture doesn’t only concern the protection of the company and the safety of its employers, but also contributes to increased:
The concept of working with security culture is relevant for both companies and public authorities alike, who desire to develop or maintain a good security culture. It is a management tool, and requires a solid commitment from leadership to produce the desired effects.
CERTA works methodically and analytically with security. Our approach emphasises preventive efforts and building up appropriate security behaviour, which will support the company’s long-term strategic goals.
In collaboration with the individual company, CERTA can contribute to building a balanced and holistic security culture, which is adapted to the concrete needs of the company, its character and culture.
CERTA’s concept for working with security culture is based on experiences from both Denmark and abroad. CERTA’s advisers in the field have worked strategically, operatively or tactically with security culture and security behaviour in many institutions, including the police and intelligence services.
The elements in CERTA’s approach to working with security culture:
1. Leadership
A good security culture requires a strong commitment by leadership to the security work.
CERTA will deliver a presentation to the company’s leadership with a focus on organisational development, change management and security culture to establish a common understanding of what security culture and appropriate security behaviour is, as well as how security can be thought of in conjunction with broader strategic and leadership efforts.
The presentation will accompany a dialogue about the company’s security related needs.
2. Situational analysis
A situational analysis bases itself on qualitative interviews with selected employee groups and/or a broader quantitative investigation.
CERTA delivers:
3. Choice of Change strategy
The choice of a change goal – and strategy – will base itself partly on an analysis of the company’s ability to effectuate change and partly on recognized organisational change and change management theories.
CERTA delivers:
4. Implementation of the strategy via concrete change tools
CERTA designs and produces a portfolio of concrete change measures adapted to the company, and eventually differentiated according to the different units within that company, with different risk profiles and needs. This can concern:
5. Documentation, evaluation and eventual adjustment of work tools.
CERTA applies a combination of observation, qualitative interviews and quantitative investigations to help a company document and evaluate the impact of the implemented measures. CERTA collects and assesses data, and compares it with the results from the original situational analysis.
CERTA delivers: