Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joining Records Management and Cyber Security

Published byScott Walton Modified over 5 years ago

Similar presentations

Presentation on theme: "Joining Records Management and Cyber Security"— Presentation transcript:

1 Joining Records Management and Cyber Security
Martin Fletcher Assurance and Information Management Consultant Cyber Security Summit 16 November 2017

2 The National Archives Provide advice to government on how to manage and transfer its information Train boards, SIROs, IAOs and end users Advocate a joined up approach to managing information and keeping it secure

3 Questions how good is the relationship between security experts and Information Management Professionals in your organisation? what challenges do you have engaging staff? Have you seen anything that worked well? what would you like to see from training and engagement experts to help in this area? On question three we’re asking them to think about it in the context of 1 and 2 -What can we do to help foster relationships between cyber security and Information Management Professionals? -What else can we be doing to engage staff?

4 Relationships Frequent communication and catch ups are key
Ensure that both professions are involved in projects from an early stage Senior managers should help encourage communication © Daniel Kulinski 2008 Records management professionals were more positive about relationships than cyber professionals. Note that this may be down to organisations having less developed records management structures, meaning it was more difficult for CS experts to build relationships with them. Organisations with good relationships had frequent communication. Often sat near each other, sometimes reported to the same managers. When these managers encouraged communication that helped too. In good organisations both sets of professionals were involved in risk decisions from an early stage. They both worked closely with the SIRO to ensure that information risks were captured and where appropriate escalated. Solutions developed were more practical for end users as they were considered from more than one perspective.

5 Communicating with end users: Challenges
Over-reliance on technical solutions to solve problems Attitude across the business that information management was “an IT problem” Size and complexity of the business Getting heard above the noise One thing that was noted in organisations that were performing less well was that professionals got too hung up on technical solutions, rather than engaging with end users. This was particularly so after physical records were digitised and they were then considered the IT team’s problem Other common concerns included The size of the business Staff working across multiple sites Getting heard against the background noise of other important things

6 Overcoming challenges
Blended learning solutions Case studies “what does good look like” Consistent messages Senior level suport Blended learning approaches to suit staff from a range or backgrounds and across lot so of sites. Face to face Online (must be kept bite sized) Just in time approach (Posters, vlogs, webinars, cost of carelessness) Phishing campaigns. Effective, but make sure to involve HR and possibly unions from the beginning Case studies “what good and bad looks like” Lots of news stories about cyber incidents The ICO has lots of investigations about poor records management Senior managers would either attend sessions to give an intro and underline why it was important. Or they would submit videos, for example training is taking place across a lot of sites. © Atiben 2008

7 What can training and engagement experts do?
Facilitate sharing and communication Ensure messgaes are consistent Bring our talents into play Don’t use blame language Help encourage communication between RM, CS experts, Senior Management (sometimes the RM and CS experts may not be the best people to communicate issues to seniors and secure their buy in) and end users Make sure that when RM and CS experts produce communications that they do not contradict each other. Also ensure that they are in line with company policy, if not then is the message wrong or does the policy need to be revisited. Training experts are often great at sniffing out good case studies, brininging in examples from previous classes they’ve taught. They also make a living out of ensuring that courses are interesting and learning is cemented. You can use their skills in this area. A final point I found particularly interesting was in how communications describe end users. It was mentioned that ‘too often end users are referred to as though they are a problem that needs fixing’. When we are writing our training courses, blogs posts, videos, even research articles we need to make sure that the language we use doesn’t give staff this impression. We ought to communicate in a way that advises on best practice, but also listens to staff concerns and adapts to support them in their roles. Earlier this year the NCSC produced a great video on just this subject.

8 Conclusions Organisations benefit when records managers and cyber security experts have good relationships Risk decisions are more thorough Learning among end users is more effective Senior management take an increased interest © CPNI

Download ppt "Joining Records Management and Cyber Security"

Similar presentations

Thinking Actively in a Social Context T A S C.

Thinking Actively in a Social Context T A S C.
Audit and Compliance Rosemary Carter Associate Director of Regulatory Compliance.

Audit and Compliance Rosemary Carter Associate Director of Regulatory Compliance.
Providing Safe and Effective Care for Patients with Limited English Proficiency This course was developed with the support of the Josiah Macy Jr. Foundation.

Providing Safe and Effective Care for Patients with Limited English Proficiency This course was developed with the support of the Josiah Macy Jr. Foundation.
Introducing the Leadership Profiles. Session aims Affirm a focus on leadership learning Introduce the Leadership Profiles Explore the Interactive Leadership.

Introducing the Leadership Profiles. Session aims Affirm a focus on leadership learning Introduce the Leadership Profiles Explore the Interactive Leadership.
Leading Teachers A joint training package from the National Academy for Gifted & Talented Youth and the National Strategies.

Leading Teachers A joint training package from the National Academy for Gifted & Talented Youth and the National Strategies.
CACHE Level 2 Intro to Early Years Education © Hodder & Stoughton Limited CACHE LEVEL 2 INTRODUCTION TO EARLY YEARS EDUCATION AND CARE Unit 5 Understand.

CACHE Level 2 Intro to Early Years Education © Hodder & Stoughton Limited CACHE LEVEL 2 INTRODUCTION TO EARLY YEARS EDUCATION AND CARE Unit 5 Understand.
Obtain and review client feedback. Creating evaluation or feedback tools Importance of client feedback  The use of client feedback is very useful to.

Obtain and review client feedback. Creating evaluation or feedback tools Importance of client feedback  The use of client feedback is very useful to.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
Maths No Problem; A Mastery Approach.

Maths No Problem; A Mastery Approach.
2016 IABA FOUNDATION ACTUARIAL BOOTCAMP the mentor-mentee relationship

2016 IABA FOUNDATION ACTUARIAL BOOTCAMP the mentor-mentee relationship
What does a ULR Do? Opportunity Growth Support Learning Qualifications

What does a ULR Do? Opportunity Growth Support Learning Qualifications
The Advising First College Life Coaching Program

The Advising First College Life Coaching Program
Skills Workshop New Mentors & Mentees

Skills Workshop New Mentors & Mentees
National data opt-out - Implementation approach

National data opt-out - Implementation approach
Information for Parents Key Stage 3 Statutory Assessment Arrangements

Information for Parents Key Stage 3 Statutory Assessment Arrangements
Case Study as a Teaching Strategy

Case Study as a Teaching Strategy
The Guardian Project Safeguarding and supporting Girls affected by fgm

The Guardian Project Safeguarding and supporting Girls affected by fgm
Improving Communication in a Student Newsroom

Improving Communication in a Student Newsroom
COMM 102 RANK Change The World /comm102rank.com

COMM 102 RANK Change The World /comm102rank.com
Building the foundations for innovation

Building the foundations for innovation

Similar presentations

Ads by Google