Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Welcome aboard!

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

Security Culture Report 2018 – Measure to Improve

Today, CLTRe published its second annual security culture report. The Security Culture Report 2018 – Measure to Improve explores how the security cultures of over 20,000 employees, speaking 7 languages, compare. As well as providing the first ever global industry benchmarks for Bank & Finance, ICT, Retail & Wholesale Trade, and Real Estate, the report examines how security culture has…

Building a security culture management platform – a brief history

Changing culture isn’t easy. It takes time and requires sustained efforts. Established in 2015, CLTRe was created to answer the question, how do you measure security culture? – a question that Kai Roer (the creator of the SCF) often got asked whenever he was engaged in conversations on how to build security culture and the importance of metrics. Together with the pooled knowledge…

Security Culture Framework recommended by ENISA

Wow, I am so happy to share this news with you! In the Cyber Security Culture in Organisations report by ENISA, they propose a process on building security culture that is based directly off the Security Culture Framework. The report goes to great length to describe each element, and even divide them into smaller parts to make it easier to…

Security Culture Framework Community – CLTRe needs you!

UPDATE: Thank you so much for your votes and support! CLTRe, and thus by extension the Security Culture Framework, WON the Tech Trailblazers Firestarter Award! Thank you thank you thank you!     We are delighted that CLTRe have been selected as a finalist in the Firestarter Trailblazer category in the Tech Trailblazers Awards 2017. The shortlists have been selected…

Volunteer position: Webmaster

The Security Culture Framework and community is looking for a webmaster / website maintainer to take care of the website. As a webmaster, you will be given the opportunity to choose what technology to use for hosting our files, blog, forums and articles. Today, the platform is WP (hosted), with BBPress, BBForums and some custom updates to the template used.…

WannaCry ransomware

In the aftermath of the big outbreak of WannaCry with the effect that hospitals in UK had to close, large companies had to put huge effort in restoration of their services and to date unknown damages from companies to yet reporting about their issues, we need to look into why it was possible to perform such attack, such easy. The…

Security Culture Person of the Year Award 2017 goes to…

During a meeting of the Security Culture Community in Oslo, June 2017, Kai Roer, CEO of CLTRe and founder of the community, awarded Chris Karelse and Martine van de Merwe from the Netherlands as Security Culture Persons of the Year 2017. To quote Kai’s words during the award ceremony: “I’m here today to present the Security Culture Person Award to…

The Security Culture Conference 2016

A couple of weeks ago I was back in beautiful Oslo (One of my favourite cities – I could definitely live there!) for the Security Culture Conference. Last year we had around 25 people for the inaugural conference which was held on an island just outside the city – see my write up on that here. This year, however, the…

Serious gaming: learning to identify risks

Gaming in security culture training is not about learning rules by heart, but about learning to identify risks.   Serious gaming is a way to enhance the security culture among employees. To learn more about the impact of gaming, I organized a meeting of the Security Culture User Group the Netherlands on the subject. In this blog I share some…