- Understanding Risk Through Your People
Gaining Insight into Organizational Security Practices
Understanding how security is actually practiced within an organization requires more than technical analysis. Maryman conducts Focus Groups & Executive Interviews to gather insights from employees, leadership, and stakeholders.
What We Evaluate
- Security awareness and cultural challenges
- Gaps between policy and practice
- Executive understanding of cyber risk
- Organizational readiness for compliance and audits
Executive Understanding of Cyber Risk and Governance
For information security focus groups, you typically want to evaluate both knowledge and attitudes as well as actual workplace behaviors. Here are key areas to assess:
- Awareness of organizational security policies and expectations
- Understanding of individual roles and responsibilities in protecting information
- Recognition of common cyber threats (phishing, social engineering, malware, business email compromise)
- Confidence in identifying and responding to security incidents
- Security decision-making in day-to-day work activities
- Password and authentication practices, including use of multi-factor authentication
- Handling, sharing, and storage of sensitive or confidential information
- Use of approved versus unapproved applications, tools, and cloud services
- Remote work and mobile device security practices
- Reporting behaviors for suspicious emails, security incidents, and policy violations
- Perceived barriers to following security policies and procedures
- Employee perceptions of security training effectiveness and relevance
- Understanding of data classification and data handling requirements
- Security considerations when collaborating with third parties, vendors, and customers
- Attitudes toward cybersecurity and personal accountability
- Perceptions of leadership commitment to information security
- Team and departmental security norms and behaviors
- Security communication effectiveness and preferred communication channels
- Trust in incident reporting processes and concern about repercussions
- Awareness and use of available security resources and support channels
- Areas where employees feel additional guidance, training, or tools are needed
- Examples of workarounds or behaviors that may introduce risk
- Organizational culture factors that encourage or discourage secure behavior
- Alignment between security requirements and business objectives
- Perceived cybersecurity risks most relevant to employees’ roles
- Opportunities to improve security culture, engagement, and resilience
Behavioral Indicators to Explore
- How employees verify unusual requests before taking action
- How they react when under time pressure or competing priorities
- Whether they challenge suspicious communications from executives or trusted contacts
- How frequently they report security concerns
- How they balance productivity and security requirements
- How security considerations are incorporated into routine workflows
Building Practical, Business-Aligned Security Programs
These insights inform more effective information security strategies, ensuring recommendations are aligned with your own operations—not just theoretical models.
Call 818-290-3775 to gain a deeper understanding of your organization’s security posture by engaging Maryman.