Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.
Miriam Mwonge currently works in Data Privacy Operations at East African Breweries Plc, where she is an Information Manager and Data Protection & Privacy Lead. Her work revolves around information management and governance, information security and data privacy.
Miriam appears exclusively at PrivSec Global to discuss human-centric security culture, looking at what organisations can do to optimise management of risks associated with a company’s employees.
Below, Miriam answers questions on her professional journey and the themes of her PrivSec Global session.
- Human-Centric Security Culture – Day 1, Wednesday 29th November, 12:30pm - 13:15pm GMT
Could you briefly outline your career pathway so far?
I am a seasoned information management, data privacy and governance leader with a career that spanning 14 years. My professional journey traverses academia, oil and gas industries, as well as multifaceted consultancy and manufacturing sectors. Each of these has presented unique challenges and operational landscapes.
My passion, commitment and interest are driven by the constant changes in digital trends, technology and legislations that explicitly mould company strategies, business processes, workflow dynamics, and the continuous enhancement of skillsets.
What does it mean to build a human-centric security culture?
Building a human-centric security culture involves acknowledging and prioritizing the role of individuals in the security framework across various dimensions, including physical security, personnel safety, e-safety, risk assessment, management, business continuity, and investigations.
The synergy between humans and technology is vital for achieving comprehensive and fool-proof security. Individuals have to be empowered by fostering a sense of responsibility, and recognizing the unique contributions that human factors bring to the multifaceted landscape of security.
What are the primary hurdles companies face as they bid to build a human-centric security culture?
Building a human-centric security culture faces challenges, including:
- · Privacy concerns: Security may infringe on privacy, requiring careful consideration to avoid breaches, especially with global data protection laws like GDPR.
- · Resistance to change: Users may resist security protocol changes if perceived as inconvenient.
- · Limited understanding: Users may not grasp the benefits of security initiatives fully.
- · Lack of trained personnel: Insufficient expertise to support security measures and provide preceding training.
- · Budgetary constraints: Security measures need to demonstrate business value to secure budget allocations.
- · Technology-human misalignment: Security tech may not align with human behavior, risking workarounds.
- · Evolving threat landscape: Adapting security measures to the constantly changing threat landscape is a perpetual challenge.
Despite these hurdles, proactive efforts are crucial for creating a resilient and adaptable security environment.
Traditionally, building a security culture is based on strict industry certifications, policies, laws, and regulations. Security professionals are taught that employees in the organisation are the most significant risks and to “manage those risks.”
But what does it take to integrate human centricity into your security culture? Tune in to this exclusive PrivSec Global panel debate to find out.
Also on the panel:
- · Igor Gutierrez, Information Security Officer & DPO, B. GROB do Brasil S.A.
- · Adam Low, CTO, Zivver
- · Federico Iaschi, Head of Cyber Security Resilience and Observability, Virgin Media O2
- · Amy Rose, Head of Governance and Compliance, NHS Confederation
Session: Human-Centric Security Culture
Time: 12:30 – 13:15 GMT
Date: Day 1, Wednesday 29 November 2023
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play in privacy, security and GRC.