
8. Reward responsibility


What

The principle of "Reward Responsibility" involves establishing a system within an organization to recognize and reward the efforts of Security Champions. This system is designed to encompass both tangible and intangible forms of recognition and rewards. It aims to acknowledge the contributions that Security Champions make in enhancing the security posture of the organization, including their dedication, innovations, and proactive measures in managing security-related issues.

Why

Acknowledging and rewarding Security Champions is crucial for several reasons. Firstly, it serves as a significant motivator, encouraging continued enthusiasm and dedication in their roles. When individuals see their efforts being recognized, they are more likely to take ownership and be proactive in their security responsibilities. Additionally, a reward system contributes to the overall effectiveness of the Security Champions program by fostering a positive and encouraging environment. It also plays a key role in talent retention within the program, as it demonstrates the organization's appreciation and value for the commitment and efforts of its Security Champions.

How

To effectively implement this principle, organizations should develop a system that regularly recognizes the efforts of Security Champions. This could include setting up formal recognition programs, offering tangible rewards such as bonuses or professional development opportunities, and providing career advancement possibilities for effective champions. Additionally, regular feedback and expressions of appreciation are essential. Tailoring rewards to individual motivations is also key; some Champions might value public recognition, while others might appreciate personal development opportunities. The system should be designed to align with the organization's culture and policies, ensuring that it is meaningful and sustainable. Please refer to The Star Model™ or the PDF for more information on the theory of reward systems.

Supporting Artifacts:

  • Recognition Certificate Templates:
    Create customizable certificate templates to formally recognize the contributions of Security Champions. These certificates can be awarded for various achievements, like leading a successful security initiative, completing a significant amount of training, or significantly improving the security posture of a project.

  • Security Champion of the Month/Quarter/Year Award:
    Implement a periodic award program where Security Champions are nominated and selected for their outstanding contributions. This could include a physical trophy, certificate, or digital badge.

  • Performance Dashboard:
    Develop a dashboard that tracks and displays the contributions and achievements of each Security Champion. This could include metrics like issues resolved, training completed, or initiatives led. The dashboard can be used to identify candidates for rewards and recognition, including through gamification such as security quizzes.

  • Personal Development Plan Template:
    Offer a template for Security Champions to create their personal development plans. This plan can include their career goals, desired skills to acquire, and steps to achieve these goals, aligning with the organization’s opportunities for career advancement.

  • Feedback and Endorsement Forms:
    Create forms or systems for team members and managers to provide feedback or endorse Security Champions for their efforts. This feedback can be used as part of the evaluation process for awards and recognitions.

  • Event Sponsorship Policy:
    Create a policy or artifact detailing how Security Champions can be sponsored to attend relevant conferences, workshops, or training events. This not only rewards them but also contributes to their professional growth.

  • Milestone Badges or Pins:
    Design unique badges or pins that Security Champions can earn for reaching certain milestones or achievements. These can be physical items or digital badges for email signatures or internal profiles. Upon earning specific badges, Security Champions can gain extended privileges, such as a mandate to review specific security policies, a mandate to decide on specific risks, or membership of security committees.