Are you really aware of the consequences to your organisation of different types of information breach? Is your board? You need to make sure you understand the value of information assurance (IA), and you need to communicate that to all levels of the company.
You all need to be aware of the laws and regulations that might be broken – and the corporate and personal penalties that can be imposed. Not in depth – just enough for you to appreciate what priorities to recommend.
Failure to communicate the risks can be disastrous. Take one recent example, where the head of a major IT organisation brought an infected laptop into the office and the resultant cleansing cost over £13 million. He knew the rules, but didn't think they applied to him.
In another case, a bank was justly proud of providing access rights and passwords to every new employee within an hour of their arrival. But, through a lack of liaison with HR, it took six months to rescind those rights after employees left.
Most employees know they should shut windows and doors before they go out, but most managers don't know the basics of information assurance. We need to change that.
Your role is to remove jargon and explain in everyday words. Take responsibility for creating an IA culture within your organisation. Become the catalyst that brings together the various departments concerned, and present them with the stark facts for them to work on. Get HR, finance, marketing – as well as your business departments – on the same side.
Michael Harrison is organising the 7th PCII conference on 6 June in London. More details at www.pcii-initiative.co.uk
