Shape
The Shape pathway is for anyone responsible for making strategic decisions or leading organisations at a local, regional or national level (e.g. policy-makers, board-level leaders, chief executives, business owners, directors). This pathway encapsulates the insights from Explore, Embed and Drive. It encourages consideration of how cyber security ideas should be used to shape decisions and actions.
The Shape Pathway
Step 1 - Cyber Responsibility
| Question |
| What do you currently do within your role to ensure your organisation is cyber safe? |
| Read |
Although written with CEO's in mind, this blog post has helpful guidance for any senior leader looking to improve their contribution towards a cyber safe organisation: |
| Question |
| Based on the advice in the blog, what more could you and your senior colleagues do to support cyber security? Consider the various different aspects covered in the blog. |
Step 2 - Cyber Questions for Senior Leaders
| Read |
Whilst there are steps you can take as an individual within your role, cyber security should also be treated as a strategic risk with tested plans and a positive cyber security culture across organisations. Audit Scotland have developed a set of key questions that everyone organisation should be able to answer: Link: Cyber crime: A serious risk to Scotland's public sector |
| Task |
| Consider how these questions could support discussions amongst senior leadership within your organisation. How can they be shared with other senior leaders and what could you do to facilitate a meaningful conversation? |
Step 3 - Strategic Planning and Risk Management
| Watch |
The National Cyber Security Centre (NCSC) have developed a toolkit for organisation boards. The toolkit hosts a set of resources designed to help board members to govern cyber risk. Made up of nine modules, the toolkit covers the essential components of a cyber resilient organisation: |
| Question |
| Having looked through the toolkit, what needs to be done to encourage it’s use within your organisation? Who do you need to speak to in order to co-ordinate this? |
Step 4 - Workforce Awareness
| Read |
Many of the resources included throughout this level highlight the importance of staff awareness of cyber threats and risks. This article looks at the importance of cyber security training for the workforce, and provides useful suggestions as to how local training can be improved to be more impactful. Although written with NHS staff in mind, the guidance could be applied across any organisation: Link: How to equip NHS staff with cyber security skills they will use |
| Task |
| Use the suggestions in the article to review the current cyber security training available to staff across your organisation. What could be done to improve it’s effectiveness? |
What Next?
You have now completed the Shape pathway.
Pathway Update Notifications
You can access this Pathways Update Notifications Form to register to receive email notifications when pathway content is updated or new resources are added.
Feedback
To share any comments or questions you have about the pathway please email nes.dew@nhs.scot. You can also let us know if any of the links aren’t working, or the resources aren’t available.
Click here to go to the homepage
