Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

The Framework: Organization

The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…

More about Organization

Branding Your Information Security Team

I’ve always thought that information security teams should create a brand for themselves and act as an internal consultancy function. If you have a marketing and/or PR team you could use their expertise in doing this and even if you don’t, you can do a little research and see what techniques are used in those fields. Anyone have any thoughts…

The Organization Module

The Organization Module is the second module of the Security Culture Framework. In this module, you are figuring out who to involve in organizing and running your security culture program as well as spending time defining different target audiences. The people to involve for organizing your work with security culture are not limited to the security department. It is vitally important…

Organizing the work and gaining support

In The Security Culture Framework, an important factor is to use the right competence in the right places. The maturity of the organization within the field of security will be an important factor on how the work is organized. As an example it is important that the security person responsible understands that to build a culture of security requires more…

Organization Templates

Template: Project Team Members

ROLES AND RESPONSIBILITIES Review the following roles, confirm responsibilities, add roles as needed and confirm team structure, e.g., core vs. extended team.  This template is just that – a template you can (and should) change to your needs. Security Culture Program Governance As with any other projects and programs you undertake, you should have governance in place. These are the…

Template: Audience Analysis

Audience Analysis Template Use this template to analyze your target audience. Each column represent an office location (think multinational), a department (think sales, accounting, IT etc), or subgroups within a department (think personality types, learning preferences). The template comes pre-populated with row-titles. These can be changed depending on your needs and requirements. The purpose of this template is to help…