Security in any organization is only as good as the individuals within it. While we may employ and number of checks and balances, by way of technical controls, to achieve “compliant” enterprises, we are still at the mercy of the trust relationships we have with our employees. Such is the case with those who decide, for what they consider the “greater good” to disclose proprietary or classified information. Somewhere along the way, their trust has been undermined. So, trust is not a security objective or something that can be controlled.
Establishing trust is certainly an abstract concept in most organizational models, but there are tangible results, as recent incidents have demonstrated, to be gained by thinking them through. Trust is a key outcome of a good Governance, Risk and Compliance model. Trust relationships are built from consistent organization positions and actions, from oversight through operations, OCEG tells us. Lead by example was the mantra during my military career. Facilitating these approaches from the top will go a long way to establishing a trust-based culture that cascades down and creates the relationship you would like to build with your employees.
We cannot expect loyalty to be given blindly. We must set goals to inspire and promote an organizational culture of performance, accountability, integrity, trust and open communications.