An organisation’s culture is its system of values and beliefs. It can be revealed in the behaviour of its members or citizens, but this is not guaranteed. Espoused values are not always those that are lived.
Organisations face increasing challenges to ensure that employee risk – particularly for staff members fulfilling high-trust roles – is understood and remains manageable. Recent high-profile cases involving financial institutions, intelligence, police and military personnel have highlighted limitations in vetting pre or during employment. Psychometric testing has proven to be insufficiently reliable in identifying a candidate’s suitability for work in aviation, education or health sectors.
An Axiological Approach to Measuring Employee-Risk
Drawn from a sample of 120 Insider case studies, the UK Government’s Centre for the Protection of National Infrastructure (CPNI) Insider-Data-Collection-Study (April 2013 – link) identified a set of 18 traits, behaviours and lifestyle vulnerabilities that indicated significant risk amongst individuals to act against the interests of the employers’ business.
Based on the work of Research Philosopher and Nobel Prize nominee Dr Robert S Hartman into Value Science, axiologically derived Axiometrics™ processes offer a viable toolset to employ in response to the insider threats identified in the CPNI study. Axiological analysis will support managers and executives in directly identifying 13 of the 18 risk characteristics listed in the study and indicate levels of risk in 3 of the remaining 5.
Axiology offers a unique, effective and affordable solution to support managers and executives counter this complex and difficult-to-detect organisational challenge. Of the many threats to an organisation’s reputation and integrity, few are as pervasive as that of malicious activity from inside the organisation; this has an additional impact on all other elements of security risk.
Taking a Values-based approach to culture and what may become people-risk – including the particularly challenging Insider threat – offers a reliable, ‘ungameable’, repeatable means to measure individual, team and organisational levels of risk and propose bespoke remediation strategies where risk thresholds are exceeded.