The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…
More about Organization

Number 10th Anniversary of the [Security Culture Show #10]
Last year, when Mo and I created the Security Culture Show (podcast, vcast, hangout, whatever you prefer calling it), we had no idea of the level of success we would get. Today marks the tenth show, and we will celebrate a little. Or a lot, depending on what happens, I guess! What I do know, is that the show will…

45% of users are falling for phishing attack websites according to Google
Google Research published this report on their findings (PDF) about phishing websites. One of their findings is that as many as 45% of visitors give up personal identifiable information (PII) when they arrive at a phishing site. The less successful sites captures data from around 3% of the visitors only. Another important factor the research show is that most accounts are…
Branding Your Information Security Team
I’ve always thought that information security teams should create a brand for themselves and act as an internal consultancy function. If you have a marketing and/or PR team you could use their expertise in doing this and even if you don’t, you can do a little research and see what techniques are used in those fields. Anyone have any thoughts…

The Organization Module
The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…

Organizing the work and gaining support
In The Security Culture Framework, an important factor is to use the right competence in the right places. The maturity of the organization within the field of security will be an important factor on how the work is organized. As an example it is important that the security person responsible understands that to build a culture of security requires more…
Organization Templates
Template: Project Team Members
ROLES AND RESPONSIBILITIES Review the following roles, confirm responsibilities, add roles as needed and confirm team structure, e.g., core vs. extended team. This template is just that – a template you can (and should) change to your needs. Security Culture Program Governance As with any other projects and programs you undertake, you should have governance in place. These are the…
Template: Audience Analysis
Audience Analysis Template Use this template to analyze your target audience. Each column represent an office location (think multinational), a department (think sales, accounting, IT etc), or subgroups within a department (think personality types, learning preferences). The template comes pre-populated with row-titles. These can be changed depending on your needs and requirements. The purpose of this template is to help…