Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Author Archive for Daniel Andersson

Daniel is a senior security manager in the banking and card industry; he has worked with PCI DSS since 2005. Daniel has a broad experience regarding implementation of PCI DSS. Daniel also has an IT engineering background working with a broad selection of platforms and communication equipment. Daniel is ISACA Certified Information Security Manager (CISM) and PCI Professional (PCIP) and certified Security Culture Practitioner.

WannaCry ransomware

In the aftermath of the big outbreak of WannaCry with the effect that hospitals in UK had to close, large companies had to put huge effort in restoration of their services and to date unknown damages from companies to yet reporting about their issues, we need to look into why it was possible to perform such attack, such easy. The…

Are your information security goals SMART?

Have you already set your goals for your information security program? Did you ensure that the goals are Specific, Measurable, Achievable, Relevant and Time-specific (S.M.A.R.T)? Ensure that your goals are S.M.A.R.T! And you may ask yourself, how do I know if my goals are SMART? Let’s demonstrate how you can take a goal and test it Let’s assume you set…

My organization?

My organization, what do they know about security that may help me? You may ask when first learning about the Security Culture Framework in the organization module. As the expert at information security you are sure about that you have all the skills needed to educate your organization in how they shall adapt to the security rules that you have…

Why you should invest in security culture

Security investments is often seen as buying either hardware or software to protect our assets, both physical and logical, often this is not enough to ensure that we achieve the security levels we seek. The missing part of the investments is often in building knowledge, culture and understanding. If we provide people with valuable assets, such as information, we must…

Metrics, a technical drill down

We all see that the goal is one of the most important parts in a journey, but without a clear understanding on where we are at the moment it is hard to know how long the journey will take and even in what direction the journey should start. In the security culture framework we do take care of ensuring that…

%d bloggers like this: