The Great Conversation on March 5 & 6 will feature a conversation around culture and security by the security executive of a Fortune 100 organization. In this column, by Phil Aronson, published by Security Magazine, we get another perspective on why culture, as Drucker once said, trumps strategy for breakfast.
As a Security Risk Management Services (SRMS) provider, we understand that most security programs will be underleveraged or undervalued if there is not an assessment of the organization’s culture.
The bottom line: Culture is another way of saying “This is how we do things around here.” In most cases, what is written down or hung on the wall does not align with “how we do things around here.” People will perform their roles, work within their processes and utilize technology to get things done; but the values that under-gird their behavior and the ability to understand them and leverage them is one of the keys to unlocking the value of security.
We know from the subject matter experts in the industry that there are tools that can be leveraged to self-assess as well as form the basis for a collaboration with a consulting firm that has a practice in organizational change management.
One self-assess tool is on the Australian Government’s Organizational Resilience website. Thank you to Ray Bernard, one of the best security minds in the industry, for referring us to the site: www.organisationalresilience.gov.au. This graphic from the site (above) is a compelling reminder of the leverage the culture has in the outcome from a serious event.
However, the culture also can be used proactively to provide a force multiplier in the reach and practice of mitigating risk.