For IT a “playground” is a separated part of the internal network or a single computer without network connectivity. This is required to test unknown or experimental software, what can include to study a new virus without having the risk to infect the organization’s computers. Thanks to this, IT experts can understand the behavior of the software and whatever damage it could cause. The results are needed to update the anti-virus-protection.
A Compliance department can use this setup as a best practice. Today in most companies the Compliance controls, guidelines and tools are established. Luckily corrupt employees are rare, so in many cases the internal Compliance system never had to prove itself against a high level violation. So how are we sure that it protects the organization?
Various companies hire “White Hat Hackers”, often on success fee. Their task is to hack the organization’s computers and later inform the management how they did it. This to close safety leaks and make the protection more solid. A similar attempt can be taken by Compliance, external or semi-external resources can be used for a particular workshop. The task: “How can I win a project with a bribe and not get caught by the internal controls?” The participants could be student or interns. Internal employees might be problematic. They could be cautious not to create the impression that they know how to bypass internal processes, as they may fear to come up on the “Compliance Radar”.
The human brain is a super-computer, what includes the risk of getting hacked. This could be by integrated psychological effects (“Ethical Blindness”) or an external individual using social engineering. For this, the only protection is prevention. Internal workshops should include case-discussions or even role-plays to bring the employees into such a stress situation. In a relaxed atmosphere of a playground they take their role in the case discussion and are not afraid to come up with crazy or potentially not-desired ideas. If a certain solution is learned for a similar example, the employee can activate this behavior in a stress situation and not depends on the search for a complete new solution, which under stress can easily lead to negative results for them-selves and or their organization.