Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Welcome aboard!

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

Notice of Breach

To students at the SCF Training / CSCFP Online Certification Course:  (Note: This is not related the website of the Security Culture Framework, it is only related to the website https://learn.roer.com which is an alias of https://learn.clt.re)  We were just notified by our cloud provide Teachable that they discovered a security breach that may have affected some of our students.…

Password re-use reflections from Passwordscon 2018

After two days at the Passwordscon 2018 at Internetdagarna here in Stockholm one of the main take- away was the big problem of password re-usage, which boils down to the problem that a user has the same password on multiple accounts. As an organisation it is not possible to control if an employee uses his “corporate” password in other places…

Security Culture Framework Forum moved to LinkedIn Groups

For many years, the Security Culture Framework maintained a discussion forum on this website to enable our members to share and learn best practices of building and maintaining security culture. A decision has been made to move the forum to LinkedIn. The Security Culture Community believes that the LinkedIn Groups are a better choice to foster a positive discussion for…

Security Culture Report 2018 – Measure to Improve

Today, CLTRe published its second annual security culture report. The Security Culture Report 2018 – Measure to Improve explores how the security cultures of over 20,000 employees, speaking 7 languages, compare. As well as providing the first ever global industry benchmarks for Bank & Finance, ICT, Retail & Wholesale Trade, and Real Estate, the report examines how security culture has…

Building a security culture management platform – a brief history

Changing culture isn’t easy. It takes time and requires sustained efforts. Established in 2015, CLTRe was created to answer the question, how do you measure security culture? – a question that Kai Roer (the creator of the SCF) often got asked whenever he was engaged in conversations on how to build security culture and the importance of metrics. Together with the pooled knowledge…

Security Culture Framework recommended by ENISA

Wow, I am so happy to share this news with you! In the Cyber Security Culture in Organisations report by ENISA, they propose a process on building security culture that is based directly off the Security Culture Framework. The report goes to great length to describe each element, and even divide them into smaller parts to make it easier to…

Security Culture Framework Community – CLTRe needs you!

UPDATE: Thank you so much for your votes and support! CLTRe, and thus by extension the Security Culture Framework, WON the Tech Trailblazers Firestarter Award! Thank you thank you thank you!     We are delighted that CLTRe have been selected as a finalist in the Firestarter Trailblazer category in the Tech Trailblazers Awards 2017. The shortlists have been selected…

Volunteer position: Webmaster

The Security Culture Framework and community is looking for a webmaster / website maintainer to take care of the website. As a webmaster, you will be given the opportunity to choose what technology to use for hosting our files, blog, forums and articles. Today, the platform is WP (hosted), with BBPress, BBForums and some custom updates to the template used.…

WannaCry ransomware

In the aftermath of the big outbreak of WannaCry with the effect that hospitals in UK had to close, large companies had to put huge effort in restoration of their services and to date unknown damages from companies to yet reporting about their issues, we need to look into why it was possible to perform such attack, such easy. The…