In early February, 15 practitioners convened in Prague to share our experiences, resources and approaches to organisational security. We organised the knowledge that came out of this meeting into these 3 process components (Discover, Strategise and Actualise) that provide an iterative, continuous process. We also have a component called Create Space to be integrated throughout the process. This section includes exercises and advice for building trust and awareness among the group.

Discover

Organisational Security > Organisational Security > worddav31189208943c3b4550f2d9e1a29e7952.png Mutual discovery is an component that is integrated throughout the organisational support process. Discovery includes learning about the organisation (their goals, workflow, information, technology, challenges, etc) and the organisation learning about you. It also includes ongoing evaluation of whether the support process is meeting its objectives and whether the staff is successfully implementing the recommended tools and process.

Strategise

Organisational Security > Organisational Security > worddav636f6ab2a4c1162c6a8d4d83c0b0777d.png Now that you have learned about the organisation, its information, how it uses technology, and its concerns, your next step will be to use this knowledge to develop a plan for your organisational security support. This will include identifying and developing clear approach to addressing priorities, defining the scope, establishing consensus, presenting an overall timeline, and proposing realistic expectations for this engagement.

Actualise

Organisational Security > Organisational Security > worddav9018ae7361ac0e54709377e42bbba63a.png You've learned about the organisation, you've taken steps to build awareness and trust with the staff, and you've created a plan with the organisation's input. Now it's time to implement the tools, practices and policies that will make the organization more secure. This section is a collection of knowledge around putting your plan into action.

Create Space, Trust and Buy-In

Organisational Security > Organisational Security > worddavb7870859fd0ccc24c671379092f17942.png Addressing organisational security can be an intimidating experience for people. As a support provider, it's important to create a safe space for staff to discuss difficult topics. Creating space must be integrated throughout the organisational security process.
This section includes exercises and advice for building trust and awareness among the group.

Additional Documentation

Join this documentation effort!

We invite you to join us to see what we started in Prague, hear our outline of how to grow as an independent, open, and collaborative community; and if you are interested, to join efforts. We want to hear from you about the challenges you face implementing organizational security support and your solutions; about your own organizational security systems and practices; and how you could benefit and contribute as an active member of this growing community.

Add your input by commenting on content and pages in this wiki. If you want to translate the content, get in contact with maya [at] theengineroom [dot] org.

This content is licensed under CC-BY-SA