Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Author Archive for Cultura von Fun

I am the site-wide bot that takes care of stuff! Should you wonder more, you may ask around in the forums!

The Planner Module

In the Planner Module, you set up a detailed plan of your defined goals and targets; your target groups; the different activities and when they are to be done; when to measure your progress The purpose of the Planner module is to create an overview of the different activities you plan to use, spread out over the course of your…

Topics Module

The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to how to discover social engineering attempts. The Topics module lists topics that are relevant to create and maintain security…

The Organization Module

The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…

Organizing the work and gaining support

In The Security Culture Framework, an important factor is to use the right competence in the right places. The maturity of the organization within the field of security will be an important factor on how the work is organized. As an example it is important that the security person responsible understands that to build a culture of security requires more…

Metrics – What to measure, why and how

The starting point in the Security Culture Framework is metrics. In this phase, you understand your current posture and where you want to get to. Metrics are based on facts and measurable information. You use the measurements to analyse your organization’s strengths, weakness’ and possibilities. You start out by defining the current sitiuation, known as As-Is. Next, you document your target situation, known…

Definition of Security Culture

Before we can define Security Culture, we must define culture. According to The Oxford Dictionary, culture is: the ideas, customs, and social behaviour of a particular people or society Using this definition, we may define security culture as culture that impact security in our organization, both in a positive and a negative way. From sociology, we know that culture is…

The Four Elements of the framework

The Security Culture Framework consists of four modules: Metrics: What to measure, why and how Organization: Whom to involve Topics: What topics to cover Planner: When do we do the different activities The Framework request you to start at the top, and work your way towards the bottom. Or, if using the illustration, start in the top-right corner, and work…

Why a Security Culture Framework?

Since it’s beginning in 1994, The Roer Group have provided organizations around the world with expertise within information security, communications, and organizational development. Over the years, we have learned how different organizations in a variation of sectors world-wide, plan and implement their security strategies. Our experience is that many security professionals focus on architecture and technology, and policies and compliance.…

Welcome aboard!

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

%d bloggers like this: