The Security Culture Framework, quite rightly, suggests you begin your journey towards a security culture by looking at metrics. Start out by defining the current situation, known as As-Is. Then, document your target situation, known as To-Be. The next stage is to conduct a gap analysis between the two states. The SCF then goes on to talk about result goals…
Author Archive for Rob Horne
Rob has many years experience in security management and assurance. Currently he's on long-term assignment to UK Government.
Culture includes both the artist and their audience
What does the word “culture” mean to you? When I think of culture I think of it as something that encompasses an entire society of people, not just a subset; so a security culture should consist of everyone within the scope of a security domain – whether that’s an organisation, group, location or other defined range. That said, your…