Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security...
Transcript of Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security...
![Page 1: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/1.jpg)
John Haren Head of Information Security Governance, Risk & Compliance
Creating a Security Champions’ Network at Diageo
![Page 2: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/2.jpg)
Our Core Brands
![Page 3: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/3.jpg)
A little bit of theory……
• Distributed Network of ‘Accelerators’
• Change agents
• Facilitates Rapid Change
• Supporting
understanding
![Page 4: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/4.jpg)
What were we up against?
![Page 5: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/5.jpg)
Symbiosis
A Security Champions’ Network - Creating a win-win situation
![Page 6: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/6.jpg)
Identify the end game – SMART Objectives
Be ambitious
![Page 7: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/7.jpg)
The Approach: Start with Top Down
1. Identify the stakeholders and
the benefits for each
2. CTO Support
3. Regional IT Support
![Page 8: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/8.jpg)
The Approach: Start with Top Down
4. Line managers’ support 5. Sell it to the potential champions
![Page 9: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/9.jpg)
Champions’ Network now in
place : Bottom up
• 40+ Security Champions across 21 markets
• The model for other global policies
![Page 10: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/10.jpg)
Tools of Engagement
![Page 11: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/11.jpg)
Issues we encountered
• Culture • Language
• One solution size does not fit all • Pockets of weak engagement
![Page 12: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/12.jpg)
Issues we encountered
![Page 13: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/13.jpg)
Continuous Improvement • Train your
champions! • Use formal goals • Share key learnings • Refresh the network
• Demonstrate tangible value to the business
![Page 14: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/14.jpg)
![Page 15: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/15.jpg)
![Page 16: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/16.jpg)
![Page 17: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/17.jpg)
![Page 18: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/18.jpg)
![Page 19: Creating a Security Champions’ Network at Diageo · John Haren Head of Information Security Governance, Risk & Compliance Creating a Security Champions’ Network at Diageo](https://reader033.fdocuments.us/reader033/viewer/2022042019/5e76a63f07b26a37a6510d49/html5/thumbnails/19.jpg)
Key Take Aways
Takeaway 2: Gain support from senior management first
Takeaway 3: Empower your champions
Takeaway 4: Build the program into champions’ annual targets or development plans
Takeaway 5: Actively drive continuous improvement
Takeaway 1: Aim for a Win-Win situation