Effective Security Awareness. Workshop Report

Size: px
Start display at page:

Download "Effective Security Awareness. Workshop Report"

Transcription

1 Effective Security Awareness Workshop Report April 2002

2 1. Set objective for security awareness 1.1 Identify security awareness problems 1.2 Set high-level programme objective 1.3 Set specific campaign goals 1.4 Define & establish campaign metrics 2. Scope and design security awareness programme 2.1 Perform stakeholder analysis 2.2 Identify driving and resisting forces 2.3 Identify appropriate action steps 3. Develop and deliver security awareness campaigns 3.1 Define security awareness messages 3.2 Unfreeze existing behaviour 3.3 Deliver messages 3.4 Refreeze new behaviour 4. Evaluate effectiveness of campaigns 4.1 Evaluate 4.2 Revise 4.3 Run campaign campaign / further effectiveness programme campaigns Figure 1: Process for effective security awareness

3 Executive Summary Data from the Forum s Information Security Status Survey indicates that most Members believe that the effectiveness of their security awareness initiatives does not rate especially highly, and that more than four out of five feel they do not commit sufficient time and resources to their awareness activities. These concerns combined with comments from many Member organisations that security awareness activities often fail to deliver a lasting behaviour change were addressed during a series of eight workshops run by the Forum on the topic of Effective Security Awareness. At the workshops, Members agreed that awareness initiatives often fail because they: are not managed as a formal programme of work, and lack formal objectives, a business sponsor or the necessary resources for their successful completion are not aimed at specific business problems, but instead from a belief that awareness needs to be raised do not use specialised awareness materials do not incorporate a mechanism for assessing security behaviour: instead looking at security knowledge. In order to address these issues, the workshops examined a process developed by the Forum to deliver lasting behavioural change, based on the concept of effective security awareness. The process shown in Figure 1 opposite is derived from a proven approach that facilitates a positive change in behaviour by examining the forces driving and resisting that change. The key stages of the process are to: set a clear, measurable objective for security awareness activities create a structured programme of awareness work that includes one or more campaigns, where each campaign has a goal to change an aspect of security behaviour develop and deliver the awareness messages, and ensure that the desired security-positive behaviour is maintained measure the effectiveness of the awareness campaigns to confirm the change to securitypositive behaviour, and revise and repeat the awareness campaigns if necessary. The key findings of this project are important for anyone planning or managing information security awareness activities. They provide a unique insight into a new process for planning and implementing security-positive behaviour change.

4 WARNING This document is confidential and purely for the attention of and use by organisations that are Members of the Information Security Forum (ISF). If you are not a Member of the ISF or have received this document in error, please destroy it or contact the ISF on or on +44 (0) Any storage or use of this document by organisations which are not Members of the ISF is not permitted and strictly prohibited. This document has been produced with care and to the best of our ability. However, the Information Security Forum accepts no responsibility for any problems or incidents arising from its use.

5 Part 1 Introduction Table of contents This report Purpose of this report Who should read it Page Part 2 Part 3 Part 4 Part 5 Part 6 Basis for this report Background Validity of the effective security awareness process Security awareness What is security awareness? The importance of security awareness A traditional model for security awareness Key issues Extent of awareness activities Drivers for security awareness Objective of awareness activities Sponsorship of awareness activities Awareness topics Effectiveness of the traditional model Commitment to delivering awareness From awareness to behaviour change The need for a new awareness model Influencing risk perception The impact of organisation culture Reluctance to change Creating security-positive behaviour The importance of equilibrium Maintaining security-positive behaviour Effective security awareness What is effective security awareness? A new approach to security awareness Stage One: Set objective for security awareness Stage Two: Scope and design security awareness programme Stage Three: Develop and deliver security awareness campaigns Stage Four: Evaluate effectiveness of campaigns Summary Conclusions and next steps Conclusions How the process addresses the key issues Next steps: Recommendations for further work

6 Security awareness must be delivered through an ongoing, continuous programme of work, as opposed to a finite set of activities that stop and are not continued. The key messages, tone and approach of the programme must be relevant to the audience and consistent with their values and goals: If security is perceived as a hindrance to their own personal activities, then the t message will carry little meaning. Effective security awareness is achieved through an ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organisation from lasting behavioural change. The benefits of awareness activities must be quantifiable in order to determine value for money and whether the programme itself is successful in achieving its objectives. The awareness programme should not only result in a security-positive change in behaviour, but that change should last longer than the programme itself. Figure 2: Definition of effective security awareness

7 Part1 This report Purpose of this report Introduction Many organisations run security awareness programmes in order to encourage security-positive behaviour in their employees, but which often fail to deliver any lasting benefit. This leads many organisations to query: whether it is possible to create a change in staff attitude to security that has sustainable, quantifiable benefits for the organisation what the success factors are that make for an effective security awareness programme. In order to provide Members with a fresh perspective on this topic, the Forum ran a series of workshops on Effective Security Awareness. The definition for effective security awareness shown in Figure 2 opposite, was validated by Members at all of the workshops. This concept of effective security awareness is explored throughout this report, and the definition is described in greater detail in Part 5, Effective security awareness. The purpose of this report is to assist Members in their goal of making effective, positive and lasting change in security behaviour through awareness. The report does this by: documenting Members experiences of security awareness and the lessons they have learnt: both from material collected from Members before the workshops and from know how shared at the events themselves setting out the principles of an effective security awareness campaign: in particular, by examining closely the issues associated with getting people to change their behaviour providing a process for awareness that Members may wish to consider in order to become agents of positive change within their organisations. Who should read it This report is aimed primarily at information security professionals, but is also intended for any individual within a Member organisation with an interest in or responsibility for the developme nt or delivery of security awareness programmes or materials. The reader should have some familiarity with security awareness techniques prior to reading this report. WARNING This report is not intended to be a full Forum report and has not involved the detailed level of analysis that would be normal for such a document. 1

8 Part 2 Background Previous Forum reports Basis for this report In 1993, the Forum published an Implementation Guide on How to make your organisation aware of IT security. The Implementa tion Guide provides a comprehensive framework for the planning and implementation of an IT security awareness programme. Since the publication of the Implementation Guide, both security technology and the management approach to security have changed signif icantly; for example, the Internet has become an important enterprise resource, and security standards have been developed to manage its threat to enterprise security. These new controls require end users to adopt new security behaviours which in turn require new security awareness initiatives. The Forum therefore decided to run a series of workshops to explore how Members are addressing the subject of security awareness now, and what the critical success factors are for an effective security awareness programme. To prepare for the workshops, the Forum drew upon a range of information sources, including: previous Forum reports, including Information Security Culture: A preliminary investigation and Driving Information Risk Out of the Business results from the Information Security Status Survey research by the project team results from a questionnaire of participating Members presentations by Members at the workshops case studies of Members security awareness experiences. These information sources were used to define and develop the workshop contents, and are described in greater detail below and on the following pages. The Forum has already produced several reports that are relevant to an information security awareness programme. The current workshop report complements the existing materials, details of which are shown in Table 1 opposite: 2

9 Table 1: Previous security awareness reports Document It Could Happen to You: A Profile of Major Incidents (2000) Information Security Culture: A preliminary investigation (2000) Driving Information Risk Out of the Business (1999) The Impact of Security Management (1999) How to make your organisation aware of IT security (1993) Summary This report contains details of 13 information incidents that had a major impact on Member organisations. The incidents provide valuable examples for use within a security awareness programme by providing: a realistic view of the range of events that can compromise business information insights into their causes and their business impact practical suggestions for action to prevent recurrence of the incidents. This report presents the results of a preliminary investigation into the nature of an organisation s culture and its importance in determining the level of information security in that organisation. This report presents quantified information about the business risks of breakdowns in information security. It is based on the results of the Information Security Status Survey and other quantitative research. It also presents a framework for action, designed to help Members strengthen their information security arrangements and bring risks down to an acceptable level. This is one of a series of publications arising from the results of the Forum s 1998/99 Information Security Status Survey. The report focuses on the arrangements made to promote good information security practices (eg security organisation, programmes and resources). It identifies what organisational arrangements and resources are required, measures the impact of individual programmes and outlines what indiv idual Members can do to strengthen their existing arrangements, thereby maximising the contribution they make to business success. This report is aimed at all organisations that wish to start or improve their security awareness programmes. It sets out a method for developing and delivering security awareness campaigns, and provides tips on how to ensure the success of those campaigns. This list does not cover all of the Forum s awareness documentation; in particular, valuable material is available in The Forum s Standard of Good Practice. The Forum s Information Security Status Survey The Forum s Information Security Status Survey ( the Survey ) allows Members to complete a detailed questionnaire at intervals of their choosing and obtain a thorough analysis of their information security status, giving a clear picture of performance across all aspects of information security. Security awareness is one of the sets of controls probed by the Survey. The Forum drew upon the Survey results database to determine the impact of security awareness on the overall level of security. These results are presented at relevant points within Part 5, Effective security awareness. 3

10 Research The questionnaire Member presentations The project team calle d upon the resources of vendors, service providers and media reports in order to research the workshop contents. To ensure that this research was valid and provided a fresh perspective on the subject, the team was joined by Dr John Maule, Director of the Centre of Decision Research and Senior Lecturer in Management Decision Making at Leeds University Business School. Dr Maule has an international reputation in research on human decision making and risk taking, focusing in particular on the mental models that underlie strategic choice, the effects of time pressure and stress, and various aspects of human risk taking, including how to communicate risk. Dr Maule contributed to the research, and presented at five of the eight workshops. Prior to the workshops, participants were asked to complete a questionnaire about their opinions of security awareness and the effectiveness of awareness in their organisations. A total of 80 individuals from 72 Member organisations completed the questionnaire, the results of which are presented at relevant points within this report. The questionnaire, and its consolidated results, are available on the Forum s Member Exchange (MX) System, as are copies of the presentations, workshop packs and workbooks. Eight Effective Security Awareness workshops were held. Participants had the opportunity to share experiences, issues and ideas for effective security awareness. They also worked through the Effective Security Awareness process described later in this report using examples from their own organisations. Each workshop included presentations from Members, as detailed in Table 2 opposite: 4

11 Table 2: Workshop presentations Venue Date Presentation Topic Copenhagen 5 September 2001 Per Verdelin, TDC Services Melle Beverwijk, Infosecure Dublin 6 September 2001 Martina Costelloe, AIB Jim Sheridan, British Airways London 10 September 2001 Steve Pomfret, Nationwide Building Society Amanda Finch, Marks & Spencer Cheshire 25 September 2001 John Wall, Clerical Medical Martin Whitehead, The Co -operative Bank London 26 September 2001 Mark Goddard, Friends Provident Adrian Wright, Reuters Amsterdam 28 September 2001 Saïda Wulteputte, Procter & Gamble Melle Beverwijk, Infosecure/Klaas Bruin, KLM The Elements of an Awareness Project Awareness Programme for Information Security Security Awareness The Chameleon Programme Security Awareness Development of an Awareness CBT Campaign at M&SFS Changing Staff Attitudes Staff Awareness Experiences From The Front Line A CBT System for Security Awareness How We Failed and How We Plan to do Better in the Future Awareness Programme for Information Security Johannesburg 6 November 2001 Geoff Tumber, SCMB Security Awareness Chicago 5 December 2001 Dan Landess, State Farm Insurance Information Security Awareness Case studies During the research and delivery of the workshops, the project team met with Members to discuss their experiences of Information Security Awareness. Since the topic is subjective, and experie nces vary greatly between organisations, the objective was not to provide comparisons between Members, but instead to gather useful information about their awareness activities. This report therefore contains anecdotal case studies that describe the experiences of individual Member organisations and the lessons that they have learnt through their awareness programmes. Validity of the effective security awareness process The effective security awareness process described in this report was revised after each workshop to ensure that it provides a practical, usable method to develop an effective security awareness programme. When the workshops were complete, the project team spent two days with the information security team from a Member organisation working through the process to test its validity in a real environment. 5

12 Part 3 What is security awareness? Security awareness In 1993, the Forum published an Implementation Guide on How to make your organisation aware of IT security. The Guide includes a framework for the planning and implementation of an IT security awareness programme, and provides a definition of security awareness as follows: Information security awareness is the degree or extent to which every member of staff understands: the importance of information security the levels of information security appropriate to the organisation their individual security responsibilities and acts accordingly. The definition was validated by Members at all of the workshops, who agreed that it is still rele vant. The key element of this definition is the final line, since awareness is itself of no value unless it results in a desired change in behaviour. The importance of security awareness The effective management of information security requires a combination of technical and procedural controls to protect information assets. However, these controls can be circumvented or abused by employees who disregard their organisation s policies for security behaviour. Therefore the implementation of effective securit y controls is dependent upon creating a securitypositive environment where employees understand and engage in the behaviour that is expected of them. The use of security awareness to create and maintain security-positive behaviour is a critical element in an effective information security environment. The Information Security Status Survey provides data on the value of promoting information security activities. The results of question SM2401: Is awareness of information security promoted across the enterprise? are shown in Figure 3 opposite: 6

13 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Yes No Did not experience major incident Experienced major incident Figure 3: SM2401: Is awareness of information security promoted across the enterprise? Awareness and other security initiatives A traditional model for security awareness The results suggest that organisations that do not promote information security awareness are more likely to experience a major security incident than those that do promote awareness. A security-positive environment is a pre-requisite for certain other security initiatives. For example, a scheme of information classification whereby staff can assign a label to information that will determine the security controls to be applied to it is dependent upon all staff understanding and respecting the classification mechanism, which in turn requires staff to understand and respect information security. The Implementation Guide How to make your organisation aware of IT security proposes a four-step model for delivering a security awareness programme. The model allows for multiple awareness campaigns, where: a security awareness programme is a continuous undertaking aimed at building and sustaining a security-positive environment a security awareness campaign is one of a number of defined activities aimed at a special audience and/or at a specific security problem: for example, informing users about the threat from viruses, and teaching them how to control that risk. The security awareness programme is used to determine the scope of work and to define the multiple security awareness campaigns, as shown at a high level in Figure 4 overleaf: 7

14 Campaigns Determine programme scope Design campaign 1 Design campaign 2 Design campaign 3 Programme Develop campaign 1 Develop campaign 2 Develop campaign 3 Deliver campaign 1 Deliver campaign 2 Deliver campaign 3 Figure 4: Traditional model for security awareness The model comprises multiple campaigns forming an overall programme of work. The programme commences with a scope phase, which defines the security awareness campaigns, each of which will then have separate design, development and delivery phases. These may run sequentially or in parallel (as shown in Figure 4). Key issues The traditional model for security awareness described in How to make your organisation aware of IT security is widely used by Members. However, organisations represented at the workshops complained that security awareness activities fail to deliver a lasting behaviour change: that is, staff adopt the desired securitypositive behaviour for a short period of time, but often revert to their previous behaviour when the awareness activities have finished. To better understand the effectiveness of the traditional approach to security awareness, 80 participants from 72 Member organisations completed a questionnaire about their activities. The following sections explore the key issues associated with the traditional approach to security awareness. These are derived from statistical evidence from the questionnaire and the Information Security Status Survey, and anecdotal feedback from workshop attendees. The key issues, and their consequences for security awareness, are listed in Table 3 opposite: 8

15 Table 3: Key issues for security awareness Item Key Issue The majority of security awareness activities are not managed as a formal programme of work. The belief that awareness needs to be raised is the most common reason for commencing a security awareness programme. Very few awareness programmes have a formal, documented objective. The security management team sponsors the majority of awareness programmes. Many security awareness campaigns do not use specialised awareness materials. The majority of awareness campaigns do not incorporate a mechanism for assessing their own effectiveness, but instead measure the level of security knowledge of staff. Most organisations fail to commit sufficient resources to their awareness programme. Consequences Awareness programmes may not be correctly prioritised against other security activities The pace of delivery is not maintained due to a lack of formal deadlines and commitments The business case for security awareness is hard to justify because the need has not been clearly identified Value from an awareness activity cannot easily be quantified when the problem it is intended to address is not defined The purpose of the awareness programme may be unclear It may be hard to evaluate success since the desired outcome is unknown It may be difficult to determine the financial value of security awareness to the organisation The relationship between various security campaigns is uncertain, and their relationship with other security activities is unknown. This may cause conflict or confusion between security activities Business management are reluctant to release staff for awareness training because they have not committed to the activities Recipients of awareness training do not appreciate the importance of security or its relevance to their roles since their line managers have not communicated the need The programme fails to achieve a culture change because staff do not see senior management who may themselves have security-negative attitudes leading that change Staff do not understand what is expected of them since the awareness message does not specify who should do what and are therefore less likely to adopt the desired behaviour Campaigns fail because staff have heard similar messages before and are no longer interested Measurement of awareness proves little except that the individual has received the awareness messages: measure ment of effectiveness proves whether the message has actually changed behaviour Without firm evidence of effectiveness, it is difficult to justify or measure the success of awareness, and hence this can become a major obstacle to commencing an awareness programme A security function which does not receive adequate resources for security awareness is likely to focus instead on other activities that are perceived to be more important 9

16 Extent of awareness activities Members were asked to describe their current security awareness activities in order to understand whether they are formal campaigns or intermittent activities. The results are shown in Figure 5 below: Percentage of responses 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% A formal Unstructured, A single No security programme of intermittent campaign awareness work activities activities Activity Figure 5: Please describe your organisation s security awareness activities Findings Whilst half of the respondents describe their awareness activities as a formal programme of work, it is clear that the remainder have less or no structure for security awareness as: over a third of awareness projects are run as unstructured, intermittent activities one in six organisations have only a single campaign or no awareness activities at all. Thus in the absence of a formal programme of work, it is likely that most security awareness activities will suffer from a lack of formal deadlines and commitments. These findings are reinforced by data taken from the Information Security Status Survey. Figure 6 opposite shows the result of question SM2403a: Is awareness promoted using a formal awareness programme? 10

17 In no case 37% Exception 1% In all cases 14% In most cases 26% In a few cases 14% In about half the cases 8% Figure 6: SM2403a: Is awareness promoted using a formal awareness programme? Consequences It can be seen that for those cases where all, most or about half of awareness activities are managed using a formal awareness programme, 48% of all survey participating organisations promote security awareness issues through the use of formal awareness programmes. Over one half of Survey participants have little or no formal structure for their awareness activities. If security awareness activities are not managed as a formal programme of work, then: awareness programmes may not be correctly prioritised against other security activities the pace of delivery is not maintained due to a lack of formal deadlines and commitments. Key Issue: The majority of security awareness activities are not managed as a formal programme of work. 11

18 Drivers for security awareness Members were asked to comment on what they saw as the drivers for commencing their security awareness activities. The results are shown in Figure 7 below: Knowledge that security awareness can contribute to overall level of security Compliance with external standards/best practice Compliance with regulatory requirements Management concern about overall levels of information Drivers Audit or security review Result of risk analysis Many minor incidents in this organisation Major incident in this organisation Major incident in another organisation Very Low Low Medium High Very High Scale Figure 7: To what extent did the following events prompt the initiation of your security awareness activities? Findings The results suggest that Members security awareness activities are most commonly influenced by soft drivers: eg knowledge that awareness needs to be raised, either to comply with a standard, or because awareness is known to be a good thing. The hard drivers eg risk assessments or incidents appear to have less influence on the need to run security awareness campaigns. Consequences Commencing a security awareness campaign because of a belief that awareness needs to be raised means that: the business case for security awareness is hard to justify because the need has not been clearly identified value from an awareness activity cannot easily be quantified when the problem it is intended to address is not defined. Key Issue: The belief that awareness needs to be raised is the most common reason for commencing a security awareness programme. 12

19 Objective of awareness activities Members were asked to comment on the importance of their objective for security awareness activities. The results are shown in Figure 8 below: To reduce the number of security incidents To comply with external standards/best practice To address management concern about overall levels of information security Objective To comply with regulatory requirements To satisfy the recommendations of a review Other Very Low Low Medium High Very High Scale Figure 8: In your opinion, how important are the following objectives of your security awareness activities? Findings The results show a broad spread of objectives, with many Members reporting several different objectives for security awareness. The objectives appear to be more tangible than the drivers for commencing awareness activities described in the previous section. However, in the workshop sessions Members were asked whether they have a formal written objective for their awareness activities. The response suggests that only a small proportion typically fewer than 10% have a documented objective for their security awareness activities. Consequences In those cases where security awareness activities do not have a formal, documented objective: the purpose of the awareness programme may be unclear it may be hard to evaluate success since the desired outcome is unknown it may be difficult to determine the financial value of security awareness to the organisation the relationship between various security campaigns is uncertain, and their relationship with other security activities is unknown. This may cause conflict or confusion between security activities. Key Issue: Very few awareness programmes have a formal, documented objective. 13

20 Sponsorship of awareness activities In order to understand where the responsibility for awareness is perceived to rest, Members were asked who sponsors their awareness activities. The results are shown in Figure 9 below: No sponsor 16% Other Senior business 9% management 33% Human resources department 2% Information security management 40% Figure 9: Who sponsors your awareness activities? Findings The results show that: only one third of awareness activities are sponsored by the business management one project in six had no sponsor at all. Consequences SM24: Security Awareness of The Forum s Standard of Good Practice ( The Standard ) states that Formal awareness programmes should be supported by top management. Anecdotal evidence from workshop attendees suggests that successful awareness programmes often have a business sponsor or significant involvement from senior business management, and that nearly all successful programmes have some sponsor. Without a sponsor, awareness activities are likely to suffer problems that include: business management are reluctant to release staff for awareness training because they have not committed to the activities recipients of awareness training do not appreciate the importance of security or its relevance to their roles since their line managers have not communicated the need the programme fails to achieve a culture change because staff do not see senior management who may themselves have security-negative attitudes leading that change. Key Issue: The security management team sponsors the majority of awareness programmes. 14

Maximising the Effectiveness of Information Security Awareness

Maximising the Effectiveness of Information Security Awareness Maximising the Effectiveness of Information Security Awareness This thesis offers a fresh look at information security awareness using research from marketing and psychology. By Geordie Stewart and John

More information

Business Case. for an. Information Security Awareness Program

Business Case. for an. Information Security Awareness Program Business Case (BS.ISAP.01) 1 (9) Business Case for an Information Security Business Case (BS.ISAP.01) 2 Contents 1. Background 3 2. Purpose of This Paper 3 3. Business Impact 3 4. The Importance of Security

More information

Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture

Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture 3 29 Safety Matters! A Guide to Health & Safety at Work Chapter outline Leadership and Organisational Safety

More information

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) Risk should be defined as An uncertain event that, should it occur, would have an effect (positive or negative) on the project or business objectives.

More information

Written evidence for the Department of Business, Innovation and Skills: a small business commissioner

Written evidence for the Department of Business, Innovation and Skills: a small business commissioner Written evidence for the Department of Business, Innovation and Skills: a small business commissioner About ACCA ACCA is the global body for professional accountants. We aim to offer business-relevant,

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

DESCRIBING OUR COMPETENCIES. new thinking at work

DESCRIBING OUR COMPETENCIES. new thinking at work DESCRIBING OUR COMPETENCIES new thinking at work OUR COMPETENCIES - AT A GLANCE 2 PERSONAL EFFECTIVENESS Influencing Communicating Self-development Decision-making PROVIDING EXCELLENT CUSTOMER SERVICE

More information

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL DRAFT TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL An initial draft proposal to determine the scale, scope and requirements of a team productivity development improvement program for a potential client Team

More information

Beyond Security Awareness Achieving culture and avoiding fatigue

Beyond Security Awareness Achieving culture and avoiding fatigue Beyond Security Awareness Achieving culture and avoiding fatigue Prof. Steven Furnell Centre for Security, Communications & Network Research University of Plymouth United Kingdom Session Content Introduction

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

Comparison of Change Theories

Comparison of Change Theories VOLUME 8 NUMBER 1 2004-2005 Comparison of Change Theories Alicia Kritsonis MBA Graduate Student California State University, Dominquez Hills ABSTRACT The purpose of this article is to summarize several

More information

Key Performance Indicator (KPI) Guide

Key Performance Indicator (KPI) Guide Key Performance Indicator (KPI) Guide Measuring performance against the NSW Disability Services Standards Version 1.0 Key Performance Indicator (KPI) Guide, Measuring performance against the NSW Disability

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

River Clyde Homes: Officer Service Desk Analyst

River Clyde Homes: Officer Service Desk Analyst Job Role: Officer Service Desk Analyst Directorate: Business Support Role reports to: ICT Manager Roles Reporting to this role: N/A Total number of team members within team: 5 Grade: River Clyde Homes

More information

How To: Implement Change Successfully

How To: Implement Change Successfully How To: Implement Change Successfully INTRODUCTION The most important part of the audit cycle is making change Baker et al (1999) The aim of this How To guide is to provide advice on how to implement change

More information

Achieve. Performance objectives

Achieve. Performance objectives Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.

More information

Afro Ant Conversation. Change Management Return on Investment 3 April 2014

Afro Ant Conversation. Change Management Return on Investment 3 April 2014 Afro Ant Conversation Change Management Return on Investment 3 April 2014 Overview This report documents the information gathered at the Afro Ant Conversation held on the 3 rd of April 2014 on the topic

More information

Performance Management Is performance management really necessary? What techniques are best to use?

Performance Management Is performance management really necessary? What techniques are best to use? Performance Management Is performance management really necessary? What techniques are best to use? This e-book is a guide for employers to help them discover tips and methods of performance management,

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

Applies from 1 April 2007 Revised April 2008. Core Competence Framework Guidance booklet

Applies from 1 April 2007 Revised April 2008. Core Competence Framework Guidance booklet Applies from 1 April 2007 Revised April 2008 Core Competence Framework Guidance booklet - Core Competence Framework - Core Competence Framework Core Competence Framework Foreword Introduction to competences

More information

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned Document management concerns the whole board Implementing document management - recommended practices and lessons learned Contents Introduction 03 Introducing a document management solution 04 where one

More information

CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE

CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE CHANGE MANAGEMENT PLAN WORKBOOK AND TEMPLATE TABLE OF CONTENTS STEP 1 IDENTIFY THE CHANGE... 5 1.1 TYPE OF CHANGE... 5 1.2 REASON FOR THE CHANGE... 5 1.3 SCOPE THE CHANGE... 6 1.4 WHERE ARE YOU NOW?...

More information

Data Quality Assurance: Quality Gates Framework for Statistical Risk Management

Data Quality Assurance: Quality Gates Framework for Statistical Risk Management Data Quality Assurance: Quality Gates Framework for Statistical Risk Management Narrisa Gilbert Australian Bureau of Statistics, 45 Benjamin Way, Belconnen, ACT, Australia 2615 Abstract Statistical collections

More information

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey.

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey. SECURITY AWARENESS SURVEY Is a survey necessary A survey will give you insight into information security awareness within your company. The industry has increasingly realized that people are at least as

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

WHO GLOBAL COMPETENCY MODEL

WHO GLOBAL COMPETENCY MODEL 1. Core Competencies WHO GLOBAL COMPETENCY MODEL 1) COMMUNICATING IN A CREDIBLE AND EFFECTIVE WAY Definition: Expresses oneself clearly in conversations and interactions with others; listens actively.

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

CPD an emotional rollercoaster

CPD an emotional rollercoaster CPD an emotional rollercoaster Aims: To raise awareness of the emotional aspects of change management (which are often ignored) and to introduce Fisher s transition curve to describe how mandatory CPD

More information

COLUMN. Metrics for knowledge management and content management. How can you know if your project has succeeded without using metrics?

COLUMN. Metrics for knowledge management and content management. How can you know if your project has succeeded without using metrics? KM COLUMN FEBRUARY 2003 Metrics for knowledge management and content management Metrics are a concrete way of defining what a knowledge management or content management project will achieve, and whether

More information

DBC 999 Incident Reporting Procedure

DBC 999 Incident Reporting Procedure DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

Guide to Penetration Testing

Guide to Penetration Testing What to consider when testing your network HALKYN CONSULTING 06 May 11 T Wake CEH CISSP CISM CEH CISSP CISM Introduction Security breaches are frequently in the news. Rarely does a week go by without a

More information

Benefits realisation. Gate

Benefits realisation. Gate Benefits realisation Gate 5 The State of Queensland (Queensland Treasury and Trade) 2013. First published by the Queensland Government, Department of Infrastructure and Planning, January 2010. The Queensland

More information

Competency Frameworks as a foundation for successful Talent Management. part of our We think series

Competency Frameworks as a foundation for successful Talent Management. part of our We think series Competency Frameworks as a foundation for successful part of our We think series Contents Contents 2 Introduction 3 If only they solved all of our problems 3 What tools and techniques can we use to help

More information

Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC. 22 MARCH 2012 www.pmtoday.co.uk

Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC. 22 MARCH 2012 www.pmtoday.co.uk Are waterfall and agile project management techniques mutually exclusive? by Eve Mitchell, PwC 22 MARCH 2012 www.pmtoday.co.uk Projects need to be managed to be successful Change is a ubiquitous feature

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information

THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS

THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS THE DESIGN AND EVALUATION OF ROAD SAFETY PUBLICITY CAMPAIGNS INTRODUCTION This note discusses some basic principals of the data-led design of publicity campaigns, the main issues that need to be considered

More information

Even their body language is retail! They re head and shoulders above other training companies

Even their body language is retail! They re head and shoulders above other training companies Negotiation skills First Friday is a leading provider of training & development and change management services with a portfolio of 100+ clients across the UK, Europe and South Africa. Our team is unique;

More information

Making a positive difference for energy consumers. Competency Framework Band C

Making a positive difference for energy consumers. Competency Framework Band C Making a positive difference for energy consumers Competency Framework 2 Competency framework Indicators of behaviours Strategic Cluster Setting Direction 1. Seeing the Big Picture Seeing the big picture

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Assessing your management system and the approach that you take

Assessing your management system and the approach that you take Management system management by matrix Assessing your management system and the approach that you take raising standards worldwide About the author John Osborne is Product Manager for BSI Training. The

More information

What to look for when recruiting a good project manager

What to look for when recruiting a good project manager What to look for when recruiting a good project manager Although it isn t possible to provide one single definition of what a good project manager is, certain traits, skills and attributes seem to be advantageous

More information

Performance Measurement

Performance Measurement Brief 21 August 2011 Public Procurement Performance Measurement C O N T E N T S What is the rationale for measuring performance in public procurement? What are the benefits of effective performance management?

More information

Role Activity Grade 5 PAS Professional Officer

Role Activity Grade 5 PAS Professional Officer Role Activity Grade 5 PAS Generic Post Job Title: Market Insight Officer Title: Reporting to: Head of Market Insight School/ External & Community Relations Department: Job Family: Professional and Administrative

More information

Effective from 1 January 2009. Code of Ethics for insolvency practitioners.

Effective from 1 January 2009. Code of Ethics for insolvency practitioners. INSOLVENCY PRACTITIONERS (PART D) Effective from 1 January 2009. Code of Ethics for insolvency practitioners. On 1 January 2014 a minor change was made to paragraph 400.3 of the code. The change clarifies

More information

WHITE PAPER. PCI Compliance: Are UK Businesses Ready?

WHITE PAPER. PCI Compliance: Are UK Businesses Ready? WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,

More information

Factsheet: Market research

Factsheet: Market research Factsheet: Market research A close understanding of the local childcare market and your customers needs is essential in order for your childcare business to succeed. Performing market research on potential

More information

Experience Report: Using Internal CMMI Appraisals to Institutionalize Software Development Performance Improvement

Experience Report: Using Internal CMMI Appraisals to Institutionalize Software Development Performance Improvement Experience Report: Using Internal MMI Appraisals to Institutionalize Software Development Performance Improvement Dr. Fredrik Ekdahl A, orporate Research, Västerås, Sweden fredrik.p.ekdahl@se.abb.com Stig

More information

APES 320 Quality Control for Firms

APES 320 Quality Control for Firms APES 320 Quality Control for Firms APES 320 Quality Control for Firms is based on International Standard on Quality Control (ISQC 1) (as published in the Handbook of International Auditing, Assurance,

More information

Research report. Understanding small businesses experience of the tax system

Research report. Understanding small businesses experience of the tax system Research report Understanding small businesses experience of the tax system February 2012 This research was commissioned by the HM Revenue & Customs (HMRC) Behavioural Evidence and Insight Team and Business

More information

Guide to to good handling of complaints for CCGs. CCGs. May 2013. April 2013 1

Guide to to good handling of complaints for CCGs. CCGs. May 2013. April 2013 1 Guide to to good handling of complaints for CCGs CCGs May 2013 April 2013 1 NHS England INFORMATION READER BOX Directorate Commissioning Development Publications Gateway Reference: 00087 Document Purpose

More information

Change Management in Project Work Survey Results

Change Management in Project Work Survey Results Change Management in Project Work Survey Results Contents 1. Introduction 1 2. Survey and Participants 2 3. Change Management 6 4. Impact of Change Management on Project Effectiveness 12 5. Communications

More information

INSOLVENCY CODE OF ETHICS

INSOLVENCY CODE OF ETHICS LIST OF CONTENTS INSOLVENCY CODE OF ETHICS Paragraphs Page No. Definitions 2 PART 1 GENERAL APPLICATION OF THE CODE 1-3 Introduction 3 4 Fundamental Principles 3 5-6 Framework Approach 3 7-16 Identification

More information

BT Contact Centre Efficiency Quick Start Service

BT Contact Centre Efficiency Quick Start Service BT Contact Centre Efficiency Quick Start Service The BT Contact Centre Efficiency (CCE) Quick Start service enables organisations to understand how efficiently their contact centres are performing. It

More information

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take

More information

Principles of Good Complaint Handling

Principles of Good Complaint Handling Principles of Good Complaint Handling Principles of Good Complaint Handling Good complaint handling means: 1 Getting it right 2 Being customer focused 3 Being open and accountable 4 Acting fairly and proportionately

More information

Health & Safety for Businesses and the Voluntary Sector. Key Principles

Health & Safety for Businesses and the Voluntary Sector. Key Principles Health & Safety for Businesses and the Voluntary Sector Key Principles KEY PRINCIPLES 1 Key Principles Introduction The importance of managing health and safety effectively cannot be over-emphasised. Ensuring

More information

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement Complying with the Records Management Code: Evaluation Workbook and Methodology Module 8: Performance measurement Module 8: Performance measurement General 10.1 Many of the questions in the earlier modules

More information

Article on Change Management vs. Behavioural Change Management By Jonathan Gardner. Where change management fails and what to do about it?

Article on Change Management vs. Behavioural Change Management By Jonathan Gardner. Where change management fails and what to do about it? Article on Change Management vs. Behavioural Change Management By Jonathan Gardner Where change management fails and what to do about it? Change Management : one of the buzzwords of our time. But what

More information

Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University

Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University Dual Diagnosis Dr. Ian Paylor Senior Lecturer in Applied Social Science Lancaster University Dual diagnosis has become a critical issue for both drug and mental health services. The complexity of problems

More information

Guide to marketing. www.glasgow.ac.uk/corporatecommunications. University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ

Guide to marketing. www.glasgow.ac.uk/corporatecommunications. University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ Guide to marketing www.glasgow.ac.uk/corporatecommunications University of Glasgow Corporate Communications 3 The Square Glasgow G12 8QQ 0141 330 4919 2 Introduction One of the easiest mistakes to make

More information

Budget 300-360 per day negotiable for the right candidate 6 month contract 5 days per week for 1 st month - negotiable 3 days per week for 5 months

Budget 300-360 per day negotiable for the right candidate 6 month contract 5 days per week for 1 st month - negotiable 3 days per week for 5 months Job Title Pay Band Hours Contract Type Base Employing organisation Directorate Responsible to Accountable to Benefits Manager Budget 300-360 per day negotiable for the right candidate 6 month contract

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Policy document Date. YourPlace Property Management www.your-place.net. Debt Recovery Policy. Part of the GHA family. Page 0. Debt Recovery Policy

Policy document Date. YourPlace Property Management www.your-place.net. Debt Recovery Policy. Part of the GHA family. Page 0. Debt Recovery Policy YourPlace Property Management www.your-place.net Policy document Date Debt Recovery Policy Page 0 Part of the GHA family Name of Policy Responsible Officer Executive Finance Manager Date approved by YourPlace

More information

Level: 3 Credit value: 5 GLH: 28 Relationship to NOS:

Level: 3 Credit value: 5 GLH: 28 Relationship to NOS: Unit 341 Implement UAN: Level: 3 Credit value: 5 GLH: 28 Relationship to NOS: Assessment requirements specified by a sector or regulatory body: Aim: T/506/1929 Management & Leadership (2012) National Occupational

More information

Commercial Buildings Special Working Group Change Management Report 2010

Commercial Buildings Special Working Group Change Management Report 2010 1 Contents 1. Introduction... 3 2. Findings from member interviews... 4 Review of Current Change Management Practices... 6 3. Methodology... 7 Structured Approach... 7 Improving your context... 8 Getting

More information

4 Keys to Driving Results from Project Governance

4 Keys to Driving Results from Project Governance THOUGHT LEADERSHIP WHITE PAPER In partnership with Agile or Waterfall? 4 Keys to Driving Results from Project Governance You can t swing a project manager these days without hitting the debate of Agile

More information

Ronan Emmett Global Human Resources Learning Solutions

Ronan Emmett Global Human Resources Learning Solutions A Business Impact Study detailing the Return on Investment (ROI) gained from a Negotiation Skills training programme in Ireland delivered by the EMEAS Learning Solutions Team. There is a definite trend

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Making information security awareness and training more effective

Making information security awareness and training more effective Making information security awareness and training more effective Mark Thomson Port Elizabeth Technikon, South Africa Key words: Abstract: Information security, awareness, education, training This paper

More information

APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS

APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS APPENDIX ONE: SUMMARY TABLE OF SURVEY FINDINGS AND ACTIONS TAKEN ANNUAL PATIENT AND PUBLIC SURVEY 2013: SUMMARY OF KEY FINDINGS Topic Finding Action taken/planned Awareness of the GDC Unprompted awareness

More information

It will help you to think about how best to approach change, the key considerations and managing potential barriers to successful change.

It will help you to think about how best to approach change, the key considerations and managing potential barriers to successful change. CHANGE MANAGEMENT This tool kit has been designed to help you plan and implement change. It will help you to think about how best to approach change, the key considerations and managing potential barriers

More information

Attribute 1: COMMUNICATION

Attribute 1: COMMUNICATION The positive are intended for use as a guide only and are not exhaustive. Not ALL will be applicable to ALL roles within a grade and in some cases may be appropriate to a Attribute 1: COMMUNICATION Level

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Personal Learning and Thinking Skills

Personal Learning and Thinking Skills Personal Learning and Thinking Skills Guidance on delivering Personal Learning and Thinking Skills within Pan Sector Apprenticeship Frameworks Independent enquirers Creative thinkers Reflective learners

More information

The Six Deadly ERP Sins

The Six Deadly ERP Sins The Six Deadly ERP Sins Summary: This white paper is a collection of observations by Manoeuvre based on our experience in the field of Enterprise Resource Planning (ERP) system implementations. The target

More information

Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report

Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report 1. Introduction Development of a retention schedule for research data at the London School of Hygiene & Tropical Medicine JISC final report 1.1 The London School of Hygiene & Tropical Medicine is a postgraduate

More information

Organisational Change Management

Organisational Change Management Organisational Change Management The only thing that is constant is change in your business, your market, your competitors, and your technology. Remaining competitive and responsive to your customers and

More information

The following criteria have been used to assess each of the options to ensure consistency and clarity:

The following criteria have been used to assess each of the options to ensure consistency and clarity: 4 Options appraisal 4.1 Overview We have appraised each of the options identified in section 3: Maintain the status quo Implement organisational change and service improvement Partner / collaborate with

More information

Corporate Staff Survey Action Plan 2008. DRAFT v2.0

Corporate Staff Survey Action Plan 2008. DRAFT v2.0 Corporate Staff Survey Action Plan 2008 1 DRAFT v2.0 1 1. Working Conditions 1.1 Issue Possible Impacts Actions Owners Timescale Success Measures Identify key areas where dissatisfaction is dissatisfaction

More information

The Healthcare Leadership Model Appraisal Hub. 360 Assessment User Guide

The Healthcare Leadership Model Appraisal Hub. 360 Assessment User Guide The Healthcare Leadership Model Appraisal Hub 360 Assessment User Guide 360 Assessment User Guide Contents 03 Introduction 04 Accessing the Healthcare Leadership Model Appraisal Hub 08 Creating a 360 assessment

More information

Seven Principles of Change:

Seven Principles of Change: Managing Change, LLC Identifying Intangible Assets to Produce Tangible Results Toll Free: 877-880-0217 Seven Principles of Change: Excerpt from the new book, Change Management: the people side of change

More information

4374 The Mauritius Government Gazette

4374 The Mauritius Government Gazette 4374 The Mauritius Government Gazette General Notice No. 2260 of 2012 THE INSOLVENCY ACT Notice is hereby given that the following Rules governing the performance and conduct of Insolvency Practitioners

More information

Module 1 Study Guide

Module 1 Study Guide Module 1 Study Guide Introduction to OSA Welcome to your Study Guide. This document is supplementary to the information available to you online, and should be used in conjunction with the videos, quizzes

More information

Standards of conduct, ethics and performance. July 2012

Standards of conduct, ethics and performance. July 2012 Standards of conduct, ethics and performance July 2012 Reprinted July 2012. The content of this booklet remains the same as the previous September 2010 edition. The General Pharmaceutical Council is the

More information

The Business Benefits of Logging

The Business Benefits of Logging WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as

More information

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers Queensland Government Human Services Quality Framework Quality Pathway Kit for Service Providers July 2015 Introduction The Human Services Quality Framework (HSQF) The Human Services Quality Framework

More information

User research for information architecture projects

User research for information architecture projects Donna Maurer Maadmob Interaction Design http://maadmob.com.au/ Unpublished article User research provides a vital input to information architecture projects. It helps us to understand what information

More information

The Cambridge Executive MBA - Seeking Employer Support

The Cambridge Executive MBA - Seeking Employer Support - Seeking Employer Support An Executive MBA is a programme designed for people who have excelled in their career to date and have proved their ambition and drive to succeed and wish to invest in their

More information

MEDIATION, AND SOME TIPS FOR GETTING THE BEST OUT OF IT

MEDIATION, AND SOME TIPS FOR GETTING THE BEST OUT OF IT MEDIATION, AND SOME TIPS FOR GETTING THE BEST OUT OF IT By Rosemary Jackson QC, Barrister and Mediator Keating Chambers Why mediation? After more than 25 years as a barrister specialising in construction

More information

PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT

PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT July 2014 Contents Page Introduction 3 What is continuous improvement? 4 Why do we

More information

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

4. The creation of a Teaching Excellence Framework will not be straightforward and requires an iterative process of development.

4. The creation of a Teaching Excellence Framework will not be straightforward and requires an iterative process of development. Business, Innovation and Skills Committee Inquiry: Assessing quality in Higher Education Written evidence submitted by the Office of the Independent Adjudicator for Higher Education (OIA). Summary 1. The

More information

PCI Compliance Top 10 Questions and Answers

PCI Compliance Top 10 Questions and Answers Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs

More information

The PMO as a Project Management Integrator, Innovator and Interventionist

The PMO as a Project Management Integrator, Innovator and Interventionist Article by Peter Mihailidis, Rad Miletich and Adel Khreich: Peter Mihailidis is an Associate Director with bluevisions, a project and program management consultancy based in Milsons Point in Sydney. Peter

More information

Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS

Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS Published by the British Institute of Facilities Management BIFM November 2014 1 Why measure performance? Jonah Lomu

More information

MODULE 10 CHANGE MANAGEMENT AND COMMUNICATION

MODULE 10 CHANGE MANAGEMENT AND COMMUNICATION MODULE 10 CHANGE MANAGEMENT AND COMMUNICATION PART OF A MODULAR TRAINING RESOURCE Commonwealth of Australia 2015. With the exception of the Commonwealth Coat of Arms and where otherwise noted all material

More information

Third Party Litigation Funding

Third Party Litigation Funding OVERVIEW Third party litigation funding (TPLF) is the practice where an outside party, with no direct interest in the claim, pays for the cost of a lawsuit in exchange for a portion or percentage of any

More information