Security Program Increasing Employee Participation

¶ … Security Program Increasing Employee Participation in an Information Security Program Often organizations will rely on change management strategies and initiatives to gain the cooperation and support of employees for information security programs. A change management program is by definition designed to provide employees with the background of why their information security program needs to be in place, what benefits it delivers, and how critical their support, participation and contributions are (Straub, Welke, 1998).

The intent of this analysis is to provide insights into how employee participation can be increased in an information security program. Best Practices: Increasing Employee Participation Of the most critical strategies for improving or increasing employee participation in an information security program, the most critical is the leaders of a given organization actively endorsing and showing through their actions that they believe in and support it (Madnick, 1978).

This is the single biggest success factor in the adoption of an information security program and also one of the most effective leadership skills in an organization. This not only drives up user security, it also creates a highly effective strategy for making an organization more resilient to change over time (D'Arcy, Hovav, Galletta, 2009). The more committed and involved the CEO and senior management team are in the planning, execution and monitoring of the information security program, the greater the trust in the program itself and adoption over the long-term.

It is an indispensable element of any change management strategy or initiative. A second factor in the successful implementation of a successful information security program is the inclusion of employees in the planning and early implementation phases so they have a strong sense of ownership. Creating a shared bond of trust and allowing the employees to have a voice in the specifics of the security management strategies, including how they affect their jobs, is also vital to the success of the program as well (D'Arcy, Hovav, Galletta, 2009).

The greater the employee ownership and vested interest in a program's success, the greater the probability of its success. This emanates from a leader's choosing to endorse and actively support an information security program and show consistency of effort and focus to attain tis objectives (Madnick, 1978). A third critical success factors is the providing of periodic feedback as to the progress of the information security program.

The ability to actively monitor an information security program's progress using analytics and metrics of performance will significantly increase the likelihood of continued support (Straub, Welke, 1998). As is the case with many change management initiatives, the use of analytics and metrics also provide feedback to the employees and leadership of an organization, reinforcing adoption to the information security program over time (Guttman, Herzog, 2005).

Conclusion The basis of effective change management is predicated on giving employees the ability to attain autonomy of their jobs, along with providing a foundation of also gaining mastery and purpose.