Too often, we humans will happily put off responsibilities on others if we can find any small reason for doing so. It may not be our best quality, but it is certainly one that bonds most of us together. I personally can’t name anyone who would say, “Sorry, I would like to take responsibility for something I think is your responsibility.” In our world today, we all need to take responsibility for helping protect the group as a whole. The NICE team from NIST published something about just that when it comes to cybersecurity. Time to get ready to discuss why it is everyone’s responsibility, not just that of a select few.
In this episode:
It Is Everyone’s Responsibility – Ep 259
2020 COVID Session Dates
August 18, 19, 20
For info go to TheHIPAABootCamp.com
We want to take a moment to address the greater issues happening in the country right now. Our lengthy discussion on the topic would surprise many of you. We both have very different experiences and often different opinions. The important thing is we have conversations that are respectful and honest. There are many problems we are all facing right now with policing and racism in the middle of a pandemic. None of these are simple or will be solved quickly or easily.
What we do know is that until we learn to have conversations with other people and realize we all have experiences that frame the way we see the world. Take the time to sit down with someone, even in your own family, without the attitude of “I am right and you are wrong.” Understand that we are different and that each of us deserves to be respected as a human being.
The podcast audio includes more of this discussion.
It Is Everyone’s Responsibility
NICE, a subgroup of NIST, created this great guidebook, Cybersecurity is Everyone’s Job, in 2018. I knew it would be a great one when I got to the first sentence of the first section:
Bam! Right there it is. We all need to understand it is on us. There is no real way to easily secure the human unless they agree to participate. A few paragraphs later they lay it out in a bit more detail.
Throughout, the guide breaks down cybersecurity responsibilities by job role. No matter how you fit into the organization, you fit into at least one, if not more, of these roles. Some things apply to all roles, and some are more specific and apply to only a few. The breakdown by role is what I feel is most important. It allows someone to skip to the part that “matters to me.” We have often mentioned the importance of all training being related to the individual and the job that they do.
From a training perspective, we always believe that the “what” is as important as the “why” but not as important as the “why me.” Humans tend to let others take responsibility for things they deem do not apply to them. The best way to get any of us involved is for us to believe something really does apply to me or really does impact me in some way. That is especially true given our ability to ignore things, or remain uninformed about things, that do not have a direct impact on our personal lives or needs.
If you are outside all of these areas you should probably still be aware, but come on, man, there is definitely something in here for everyone, and it is written with that intent. No matter who you are or what you do, the cybersecurity of your organization relies on you. You can be the last defense or the greatest weakness. Which one do you prefer to be? That message runs throughout the conversations that follow, which are based on the roles and functions people perform in an organization. You can use the guide as one large manual or break out each section to be a standalone guidebook for the role or categories of activities involved.
Here are the categories broken down for explanation:
The business functions are presented as seven categories:
- Leadership, Planning, and Governance
- Sales, Marketing, and Communications
- Facilities, Physical Systems, and Operations
- Finance and Administration
- Human Resources
- Legal and Compliance
- Information Technology
There is an opening section before it dives into these categories that really should be read by every single person. At minimum, make sure all the management and leadership throughout the organization review it. I would suggest you even consider setting up a specific meeting to discuss these concepts with the leaders of each area of the organization, from the top down.
Opening on responsibility in the organization culture
This simple one-page section hits on all the elements of a system that thinks about privacy and security by design. Security is built into the decisions and processes we follow every day for everything we do. The page covers the need for a mindset, leadership, training, management, policies, and reinforcement with technical safeguards. It is a perfect page to read no matter what part you play in the big picture. It is everyone’s responsibility to protect the data and systems.
Categories cover responsibility by roles
Each section reviews what the jobs require, what information people need to do them, and how that makes them a risk to the security of the organization. There are short bulleted sections and great examples speaking directly about what each role needs access to in order to be effective. That means you should also be aware of how that access could impact the organization if you don’t take your responsibility seriously. It really provides positive feedback, training, and guidance instead of the “do this or else” approach.
I encourage you to take the time to download the guide using one of the many links provided here and find the best way to share it within your organization. There is very little more that can be done until the practical concepts are implemented in an organization.