Our experience researching the human factor, developing the security industry’s only architecture framework SABC® to manage human factor risk and implementing this since 2012, has meant we are a great fit for organisations looking for support in an advisory capacity.
Our consultancy services are there to support you whatever your needs and circumstances might be.
We’ve supported CISOs and their Boards to assess their organisation’s maturity and approach to influencing employee awareness, behaviour and culture through to supporting those who have suffered a breach, and now, must explain to regulators, clients and investors how they intend to influence positive security behaviours and embed security values into organisational culture.
“Culture consists of the unwritten rules of the social game.”
We’re passionate about behavioural change. So, all our training courses include an element of post course support, to help you implement what you have learnt. However, sometimes, customers have wanted more. That’s where our Coaching Programmes come in.
Our coaching programmes include one to one and group coaching options. You can choose an option to target a specific challenge you face within your organisation, such as implementing our SABC® Framework, developing a range of metrics or targeting a specific audience with a
higher risk profile. Alternatively, you can join a programme which incorporates one of our training courses, but wraps it in coaching to help you better understand and support the implementation of what you learn.
Find out more about the Coaching options available by registering for our webinar below. Then, if you remain interested, book an appointment with one of our assessors to find out if coaching rather than training might fit your needs better.
The security industry has plenty of standards, frameworks and regulations. Organisations sometimes use these to assess whether they’re efforts are on course with industry best practise or in need of re-alignment. But there’s currently no standard for managing human factor risk until now.
Although the human factor is at the root of nearly all security breaches, there has been no standard for understanding and managing security awareness, behaviour and culture. That changed when we developed SABC®, the first architecture framework for managing human factor risk.
SABC® is an architecture and management process which includes a range of domains and sub domains. Each domain has 5 levels of maturity. The framework has been designed to look and even sound like other frameworks which you’ll probably already be familiar with like ISO27001, NIST, TOGAF, SABA and COBIT. It’s this familiarity to security leaders combined with a clear approach to delivering employee awareness, behaviour and culture, which means SABC® has been used by organisations to benchmark their own maturity since 2018 and to redefine their strategic and operational objectives.
check out our case study and find out more by registering for our webinar here.
Scheduling time with stakeholders, well in advance where possible, recognises how busy they are and gives them time to prepare where necessary.
Interviews conducted by experienced professionals, trained in the SABC® Framework in a number of different languages.
Here we’re looking for evidence to support statements made during the interview process when responding to the interviewer’s questions.
Here we will look at a bigger picture seeing the relationship in between the different findings and how this might provide opportunities for improving your work which might not be immediately obvious.
It’s important that stakeholders have the opportunity to review the findings, have their questions answered and, where necessary their thoughts on the findings respected and considered before drafting the final report.
It’s important that stakeholders have the opportunity to review the findings, have their questions answered and, where necessary their thoughts on the findings respected and considered before drafting the final report.
In person or remote meeting with exercise sponsor and other stakeholders to review the key findings and provide an opportunity for discussion.
Prepare and deliver the final report and, depending on the agreed scope, we can deliver a presentation to the Board or Senior Leadership Team on the exercise findings. Remind all stakeholders about our “Have Your Back” promise included with your Benchmark exercise.
Agree the terms of the engagement.
Working with you we map the internal and external parties with an interest in your efforts to influence employee awareness, behaviour and culture.
Stakeholders are busy and may not immediately see their role in the exercise. It’s important to secure their buy in. Effective communication will lay the ground work for stakeholder support.
Scheduling time with stakeholders, well in advance where possible, recognises how busy they are and gives them time to prepare where necessary.
Interviews conducted by experienced professionals, trained in the SABC® Framework in a number of different languages.
Here we’re looking for evidence to support statements made during the interview process when responding to the interviewer’s questions.
Here we will look at a bigger picture seeing the relationship in between the different findings and how this might provide opportunities for improving your work which might not be immediately obvious.
It’s important that stakeholders have the opportunity to review the findings, have their questions answered and, where necessary their thoughts on the findings respected and considered before drafting the final report.
It’s important that stakeholders have the opportunity to review the findings, have their questions answered and, where necessary their thoughts on the findings respected and considered before drafting the final report.
In person or remote meeting with exercise sponsor and other stakeholders to review the key findings and provide an opportunity for discussion.
Prepare and deliver the final report and, depending on the agreed scope, we can deliver a presentation to the Board or Senior Leadership Team on the exercise findings. Remind all stakeholders about our “Have Your Back” promise included with your Benchmark exercise.
Agree the terms of the engagement.
Working with you we map the internal and external parties with an interest in your efforts to influence employee awareness, behaviour and culture.
Stakeholders are busy and may not immediately see their role in the exercise. It’s important to secure their buy in. Effective communication will lay the ground work for stakeholder support.
We love to hear what you’re thinking and share what we’re up to. Register here to join our Founder, Bruce Hallas, as he explains more about how we are helping others like you.
Security incidents will happen. Some, of these incidents, will turn into breaches . Almost all of them will have human behaviour as the route cause behind them. Senior security leaders have a choice to make. Invest the resource and time in to planning how to manage a crisis when it eventually materialises. Or, manage a crisis as it unfolds before your very eyes.
A critical part to planning for a crisis or even responding to one as it occurs, will be facing stakeholder scrutiny. Regulators, investors, customer, employees and even the media are going to want their questions answered.
That means your CEO and other members of the senior leadership team, including your CISO, might find themselves under cross examination. They are going to want to demonstrate how they were effectively in control of employee risk and that they had nurtured an organisational culture which supported positive security behaviours.
Here at Re-thinking the Human Factor we’ve successfully advised organisations, who have suffered a breach, or who are developing their crisis management capacity, how they can best respond to scrutiny by stakeholders whether in public or private, about how they will be planning to deliver more effective change in employee behaviour and organisational culture.
What role does the education and awareness team play in creating severe but realistic desk top exercises to help plan for a security breach? If you answered “None” then contact us at RHF to find out why they should.
Have your education & awareness team sat down and briefed your internal and external legal teams on their efforts to influence employee behaviour and culture? If you answered “No” then contact us at RHF to find out why they should.
In case of a breach, having prepared communications to share externally and internally, is part of effective crisis management. How well have you briefed your PR team on your efforts to influence employee behaviour and culture? If you’ve never spoken with PR then contact us at RHF to find out why you should.
As a CISO or Head of Education & Awareness, how well positioned would your CEO and legal counsel be, if they had to explain how they set out to influence organisational culture? If your answer is that you’re not entirely sure, then contact us at RHF to rebuild your confidence.
How confident would you be that if cross examined, your CEO or Legal Counsel, would be able to robustly demonstrate your organisation’s efforts to influence employee behaviour and culture? If you’re not sure, then contact us at RHF to rebuild your confidence.
Find out how the RHF has helped organisations ride the storm of publicity and regulatory scrutiny when explaining how they try to influence employee behaviour and culture.
“Ultimately it has provided us with some tactical steps that we can start on right away and help us build a robust strategic approach to security culture.”
“The information and insight I gained in 1 hour has transformed my thought process and tailored my approach going forward, I am already seeing results in communication, engagement and understanding.”
“During my time working with Re-thinking the human factor on a client assignment, I was impressed with the Security Awareness, Behaviour & Culture (SABC) methodology that has been developed to achieve positive security behaviours and a security culture. This stands out as an innovative and well thought through unique approach to influencing security behaviour and fostering an appropriate culture.”
“Re-thinking the human factor helped us set out an ambitious strategy for delivering demonstrable change in employee awareness and behaviour.”
We love to hear what you’re thinking and share what we’re up to. Register here to join our Founder, Bruce Hallas, as he explains more about how we are helping others like you.
