Speaker
Description
This paper deals with the importance of a positive leadership for a well-fostered nuclear security culture in practice and the impact the behavior of managers can have to it. This goal of robust and positive security culture is not restricted to the classical security are but also indispensable for an effective cyber security culture as well. While it is easy to state and demand for appropriate management skills of managers, this question is quite intricate when it comes to the leadership behaviour and its impact to the security culture of the overall staff.
On problem may arise from the fact that the goals of the organization are maybe not 100% identical with the goals of its staff and the other problem is the definition of a good leadership itself as it remains somehow vague or dizzy what good leadership is based on. Fostering a robust positive security culture is not given by itself: it is based on a carefully chosen and balanced action by the managers who are in charge to act as leaders and be role models for the general staff. Whereas they are supposed to guarantee a tailor-fit management system for themselves and their coworkers, the role modelling function of managers should not be underestimated. Taking into account the IAEA Nuclear Security Series No. 7 “Nuclear Security Culture” (implementing guide, 2008) one can easily identify the characteristics of leadership behavior which are supposed to support a strong security culture of the overall staff, such as
(a) Expectations,
(b) Use of authority,
(c) Decision making,
(d) Management oversight,
(e) Involvement of staff,
(f) Effective communications,
(g) Improving performance and
(h) Motivation.
These characteristics should however be breaking down and translated to a more handy or practical format. Besides they are supposed to be more thought provoking than prescriptive because an effective leadership of the managers cannot be realized by simply parroting high but formal demands for the so-called appropriate behaviour of the managers. What does that mean in practice for the managers? They are indeed in charge of questioning their own daily behavior, e.g. by asking themselves e.g. the following questions:
- How do I guarantee to be regularly and often approachable for my staff?
- How do I take responsibility for the needs of my staff?
- How can I ensure to visibly act as role model when it comes to security related issues (and not claiming “special rights” and
exceptions for myself)? - What can I do to clearly and regularly communicate the security goals of our company to the staff?
- How do I contribute to improve the motivation of the staff?
- How do I make decisions and do I properly explain them to the staff?
- How do I use authority and if so, everytime if necessary and or just limited to sanction the staff?
- How can I clearly communicate the “red line” problem (the absolute “no-go” for our company when it comes to security related behaviour)
and the obligatory consequences if crossing or violating this line? - Do I regularly perform walkthroughs, make them visible for the staff and document them in a careful and respectful manner?
- How do I motivate and actively support the (self-)assessment of our own security culture?
- How do I contribute to implement the resulting action plan and monitor its progress?
Managers are therefore obliged and should feel responsibility to frequently reflect their own behaviour in regard to an overall strong security culture and optimize their own behaviour whenever necessary. Complacent or even ignorant managers should not expect a better security-oriented behaviour from their staff than from themselves. Only a positive and well-fostered security culture will contribute to an effective security regime.
| State | Germany |
|---|---|
| Gender | Male |
