Empowering your stakeholders through the Cyber Design Accelerator

Written By George Bathurst

Secure by Design demands that thorough preparation for risk management is conducted.

Here, cyber security consultants are often asked to identify and list stakeholders. But why should we do this if it isn’t useful? How can a list of people contribute to good risk management? Having a list of interested parties is a great start but through secure by design we want to take this to a more practical level.

Our Cyber Design Accelerator Framework focuses on the Practical Preparation Process.  One element of this empowering your stakeholders. Our three-point plan will help you to turn your stakeholder list into a communication plan allowing you to engage the right people, understand their needs and empower them for their role in risk management.

Take your superhero stakeholder CAPE

  • Consider who should be a stakeholder. Stakeholders can be anyone who has an interest in your project. Think about it from this perspective – if you’re delivering a system, who would be worried if that system didn’t work in its operational environment? If you think they will be worried, they are likely to be a stakeholder. They can be inside or outside of the organisation. This approach in thinking will allow you to widen your stakeholder list.

  • Action your stakeholder list by making it something that everyone is involved in. Collaboration with everybody in your team is often a great way to expanding your ideas and thoughts about who should be involved in delivering your system.

  • Power and influence. What power does any stakeholder have on your system? What influence can they exercise over it? Thinking about this approach from an individual stakeholder perspective will allow you to understand their need for engagement and make any conversation with them meaningful. You will be talking to them about their particular interest in the system as you have identified and considered their interest.

  • Early engagement. Warming up your stakeholders as part of your preparation work for risk management is vital. Rather than approaching a stakeholder for the first time with an issue or risk, why not approach them early in your risk management work. Let them know why they are a stakeholder, what their interest is assessed to be, when you are likely to contact them and what about. This proactive preparation for risk management.

Preparation is everything. Brining your people together and doing something as basic as identifying stakeholders and following our three point plan will almost always help you to identify risks to delivery and make you more successful.

George Bathurst
Previous

Do you really need more security people?