Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Welcome aboard!

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

Sensitive medical data exposed to Internet

In Sweden there is an ongoing reveal of a security incident related to the medical services that 1177.se delivers. 1177 is a joint effort amongst the public sector in Sweden to provide health care advise via Internet and phone also acting as a portal to other health care services that is online. All phone calls are routed to different private…

Notice of Breach

To students at the SCF Training / CSCFP Online Certification Course:  (Note: This is not related the website of the Security Culture Framework, it is only related to the website https://learn.roer.com which is an alias of https://learn.clt.re)  We were just notified by our cloud provide Teachable that they discovered a security breach that may have affected some of our students.…

Password re-use reflections from Passwordscon 2018

After two days at the Passwordscon 2018 at Internetdagarna here in Stockholm one of the main take- away was the big problem of password re-usage, which boils down to the problem that a user has the same password on multiple accounts. As an organisation it is not possible to control if an employee uses his “corporate” password in other places…

Security Culture Framework Forum moved to LinkedIn Groups

For many years, the Security Culture Framework maintained a discussion forum on this website to enable our members to share and learn best practices of building and maintaining security culture. A decision has been made to move the forum to LinkedIn. The Security Culture Community believes that the LinkedIn Groups are a better choice to foster a positive discussion for…

Security Culture Report 2018 – Measure to Improve

Today, CLTRe published its second annual security culture report. The Security Culture Report 2018 – Measure to Improve explores how the security cultures of over 20,000 employees, speaking 7 languages, compare. As well as providing the first ever global industry benchmarks for Bank & Finance, ICT, Retail & Wholesale Trade, and Real Estate, the report examines how security culture has…

Building a security culture management platform – a brief history

Changing culture isn’t easy. It takes time and requires sustained efforts. Established in 2015, CLTRe was created to answer the question, how do you measure security culture? – a question that Kai Roer (the creator of the SCF) often got asked whenever he was engaged in conversations on how to build security culture and the importance of metrics. Together with the pooled knowledge…