Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…
Are your employees the weakest link or a firewall?
The security industry tends to view the average employee in one of two ways: as the weakest link in the security chain or as part of a human firewall. But humans are more complex than these two paradigms suggest.
What is the cost of being victim of a cyber attack?
Over the past years, GDPR has set the tone for what security incidents may cost. However, there is more to it than fines. Today news came that Norsk Hydro had suffered a cyber attack that brought down the automation in many of their factories; the direct result of this has been a 2,99% loss in…
Sensitive medical data exposed to Internet
In Sweden, details are still emerging about a security incident related to the medical services that 1177.se delivers. 1177 is a joint effort among the public sector in Sweden to provide health care advice via Internet and phone, also acting as a portal to other health care services that are online. All phone calls are routed to different private…
An evidence-based approach is the key to security culture success
Want to know how you can document a decrease in risky behaviors of up to 16.7% or a 17-point increase in individuals’ sense of responsibility towards security?
Learn how security culture metrics can be used to indicate the effectiveness of security culture strategy in your organization, and improve it!
Notice of Breach
To students at the SCF Training / CSCFP Online Certification Course: (Note: This is not related to the website of the Security Culture Framework, it is only related to the website https://learn.roer.com which is an alias of https://learn.clt.re) We were just notified by our cloud provider Teachable that they discovered a security breach that may have affected some of our students.…
Password re-use reflections from Passwordscon 2018
After two days at Passwordscon 2018 at Internetdagarna here in Stockholm, one of the main takeaways was the big problem of password re-usage, which boils down to a user having the same password on multiple accounts. As an organisation it is not possible to control if an employee uses his “corporate” password in other places…
Security Culture Framework Forum moved to LinkedIn Groups
For many years, the Security Culture Framework maintained a discussion forum on this website to enable our members to share and learn best practices of building and maintaining security culture. A decision has been made to move the forum to LinkedIn. The Security Culture Community believes that the LinkedIn Groups are a better choice to foster a positive discussion for…
Security Culture Report 2018 – Measure to Improve
Today, CLTRe published its second annual security culture report. The Security Culture Report 2018 – Measure to Improve explores how the security cultures of over 20,000 employees, speaking 7 languages, compare. As well as providing the first ever global industry benchmarks for Bank & Finance, ICT, Retail & Wholesale Trade, and Real Estate, the report examines how security culture has…
Who do you share your security culture with?
We all know that we live in a world where we do share sensitive data with business partners, and we expect them to protect our data, which is not always the case. A while ago I decided to buy a used USB disc at a flea market to conduct an experiment to see how much data people leave on their…
Building a security culture management platform – a brief history
Changing culture isn’t easy. It takes time and requires sustained efforts. Established in 2015, CLTRe was created to answer the question, how do you measure security culture? – a question that Kai Roer (the creator of the SCF) often got asked whenever he was engaged in conversations on how to build security culture and the importance of metrics. Together with the pooled knowledge…