Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

The Framework: Organization

The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…

More about Organization

My organization?

My organization, what do they know about security that may help me? You may ask when first learning about the Security Culture Framework in the organization module. As the expert at information security you are sure about that you have all the skills needed to educate your organization in how they shall adapt to the security rules that you have…

An ordinary data breach

  Recently I received an email from a nursing home. It was not meant for me, and it was full of confidential information. How did that happen? I am the owner of the domain merwe.nl and so I receive any mail addressed to email addresses ending with @merwe.nl. The nursing home has admitted a patient Van de Merwe and they…

Culture includes both the artist and their audience

  What does the word “culture” mean to you? When I think of culture I think of it as something that encompasses an entire society of people, not just a subset; so a security culture should consist of everyone within the scope of a security domain – whether that’s an organisation, group, location or other defined range. That said, your…

How Culture Impacts Negotiations

Security culture is not only about avoiding phishing, or setting strong passwords. Security culture also includes communication with others, and when communicating, we often find ourselves in a negotiation. Have you ever failed utterly at a negotiation, and later considered that perhaps differences in cultures was at play?

In this HBR video, you can learn how different cultures impacts how we negotiate, what is acceptable social behavior during negotiation, and how trust is built.

Should you prefer to, you may read the HBR article too, it is in-depth with nice examples.

How do you see culture creates barriers for security culture in your organisation? How can you use your new knowledge of culture and trust to break down those barriers?

Photo Credit.

Managing Security Resources: It is all about people and awareness

In this webinar, Steve Durbin of ISF, explains how to align the board and C-suits to the cybersecurity challenge. Steve discuss a risk-based information security awareness culture that will engage employees at all levels. Overcoming the challenge of attracting and retaining skilled cybersecurity workforce is a growing concern, and requires a more imaginative, business and people-centric approach than many organizations…

Who could you ask for help?

Asking for help is the recipe of winners: You are not alone in your organization, and asking for help from others is a great way to both involve them in your security culture program, and make them aware of your efforts. Who could you ask for help? With the SCF module Organization, you are figuring out who to involve in…

Security Awareness Cycle by Tom Mannerud

The Security Awareness Cycle – a supplement to the SCF!

Creating awareness and security culture requires a lot of hard work if you want to succeed. Using the Security Culture Framework, you can design and implement the security culture you want, which is great. The SCF itself offers an over-arching framework within which you can build and maintain your culture – but sometimes you want a more hands-on approach, a…

Understanding your audience: Using Personas

When you want your employees to understand your security awareness message, it is a good idea to make your message resonate with them. One step on that road is to realize that Realizing this is a first step to understand that most employees have other focuses, hobbies, interests, tasks and personality type than you and your security team. Analyzing your…

Promoting an Information Security Culture

Shan Lee of JustEat presenting how to promote a security culture at the Infosecwebinars today. The recorded webcast is available here: A direct link to the webcast page: https://www.brighttalk.com/webcast/288/161635 Shan is using his great humor to convey the message, and it is not dull!

Discuss and learn