Security Culture

The ideas, customs, and social behavior of a particular people or society
that allow them to be free from danger or threats.

Welcome aboard!

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

Volunteer position: Webmaster

The Security Culture Framework and community is looking for a webmaster / website maintainer to take care of the website. As a webmaster, you will be given the opportunity to choose what technology to use for hosting our files, blog, forums and articles. Today, the platform is WP (hosted), with BBPress, BBForums and some custom updates to the template used.…

WannaCry ransomware

In the aftermath of the big WannaCry outbreak, with the effect that hospitals in the UK had to close, large companies had to put huge effort into restoring their services, and damages are to date unknown because companies have yet to report on their issues, we need to look into why it was possible to perform such an attack so easily. The…

Security Culture Person of the Year Award 2017 goes to…

During a meeting of the Security Culture Community in Oslo, June 2017, Kai Roer, CEO of CLTRe and founder of the community, awarded Chris Karelse and Martine van de Merwe from the Netherlands as Security Culture Persons of the Year 2017. To quote Kai’s words during the award ceremony: “I’m here today to present the Security Culture Person Award to…

The Security Culture Conference 2016

A couple of weeks ago I was back in beautiful Oslo (one of my favourite cities – I could definitely live there!) for the Security Culture Conference. Last year we had around 25 people for the inaugural conference, which was held on an island just outside the city – see my write-up on that here. This year, however, the…

Serious gaming: learning to identify risks

Gaming in security culture training is not about learning rules by heart, but about learning to identify risks. Serious gaming is a way to enhance the security culture among employees. To learn more about the impact of gaming, I organized a meeting of the Security Culture User Group the Netherlands on the subject. In this blog I share some…

Are your information security goals SMART?

Have you already set your goals for your information security program? Did you ensure that the goals are Specific, Measurable, Achievable, Relevant and Time-specific (S.M.A.R.T)? Ensure that your goals are S.M.A.R.T! And you may ask yourself, how do I know if my goals are SMART? Let’s demonstrate how you can take a goal and test it. Let’s assume you set…

Subjective Metrics

The Security Culture Framework, quite rightly, suggests you begin your journey towards a security culture by looking at metrics. Start out by defining the current situation, known as As-Is. Then, document your target situation, known as To-Be. The next stage is to conduct a gap analysis between the two states. The SCF then goes on to talk about result goals…

CLTRe Crew at CeBIT 2016

Last week, the Security Culture Framework was showcased at the huge, global ICT event CeBIT in Germany. The SCF was showcased by CLTRe, the Norwegian company that assesses, builds and improves security culture with its SaaS-based toolkit. CLTRe was at CeBIT as part of the IBM booth. As you can see in the pictures below, CLTRe and IBM had a great…

How much is privacy worth?

Finding medical information in old paper files is time-consuming and therefore costly. Let’s scan the lot and link it to our electronic health records! Of course at low costs. No problem in the prize fighter market of scanning companies. Detainees working with our medical records: Recently, public broadcast corporation Max broadcast a documentary in the Netherlands on hospitals…
