The starting point in the Security Culture Framework is metrics. In this phase, you understand your current posture and where you want to get to. Metrics are based on facts and measurable information. You use the measurements to analyse your organization’s strengths, weakness’ and possibilities. You start out by defining the current sitiuation, known as As-Is. Next, you document your target situation, known…
More about Metrics

Are your employees the weakest link or a firewall?
The security industry tends to view the average employee one of two ways: as the weakest link in the security chain or as part of a human firewall. But humans are more complex than these two paradigms suggests.

An evidence-based approach is the key to security culture success
Want to know how you can document a decrease in risky behaviors of up to 16.7% or a 17-point increase in individuals’ sense of responsibility towards security?
Learn how security culture metrics can be used to indicate the effectiveness of security culture strategy in your organization, and improve it!

Building a security culture management platform – a brief history
Changing culture isn’t easy. It takes time and requires sustained efforts. Established in 2015, CLTRe was created to answer the question, how do you measure security culture? – a question that Kai Roer (the creator of the SCF) often got asked whenever he was engaged in conversations on how to build security culture and the importance of metrics. Together with the pooled knowledge…

How do you define your goals?
Know your goal Your security culture program success is a direct result of your direction and your goals. How do you define your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

What are your goals?
Measure your success: Define clear goals using the SMART makes it easy to know if you fail or succeed. What are your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

Metrics, a technical drill down
We all see that the goal is one of the most important parts in a journey, but without a clear understanding on where we are at the moment it is hard to know how long the journey will take and even in what direction the journey should start. In the security culture framework we do take care of ensuring that…

The art of a good password – what is it, really?
Myp0ppy vs. UX*7(æ#6VbuiRomeo_and-Juliet8loVe4Ø&% You may wonder whether the blog author has lost his mind using a subtitle as the one above. Is he writing a piece about a battle of intergalactic entities, or if the topic is about a fight between a dog and a machine? Way off (one may of course argue the former)! My topic this time is about passwords and password…

What goals do you have?
Build culture with goals: Set the goals of your security culture program early, and use them to direct your actions. What goals do you have? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

How do you measure culture?
Metrics Matter: Knowing how to measure your progress and results, is key to your security awareness program. How do you measure culture? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

The Security Awareness Cycle – a supplement to the SCF!
Creating awareness and security culture requires a lot of hard work if you want to succeed. Using the Security Culture Framework, you can design and implement the security culture you want, which is great. The SCF itself offers an over-arching framework within which you can build and maintain your culture – but sometimes you want a more hands-on approach, a…