Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

The Framework: Templates

Welcome to the Security Culture Framework, the free and open framework to build and maintain security culture. This is a community site where you can download templates, discuss best practices, share and learn about the Security Culture Framework, and about how to create lasting security culture in your organization. If you want to do more than just reading the main…

More about


Planning a security culture campaign

The successful implementation and execution of a security culture campaign comes from careful planning. Using the Security Culture Framework, planning follows a cycle, a process of clearly defined steps. A campaign goes through the series like this:

  1. Define your goals
  2. Involve and engage
  3. Run activities
  4. Execute and measure
  5. Celebrate and start again!

The steps are visualized in this poster. Download it and use it. Or just share it with someone who may need it!


Template: 12 Weeks Campaign Planner

This template is designed to help you set up and plan a 12-week security culture Campaign. The template is divided into three sheets: Activities; Metrics; and Revisions.  Download Excel: 12-week-campaign-template Download PDF: 12-week-campaign-template Activities The Activities part of the template start at week 5. This is when you start to run the actual activities you have selected in the Topics module in…

Template: Project Team Members

ROLES AND RESPONSIBILITIES Review the following roles, confirm responsibilities, add roles as needed and confirm team structure, e.g., core vs. extended team.  This template is just that – a template you can (and should) change to your needs. Security Culture Program Governance As with any other projects and programs you undertake, you should have governance in place. These are the…

Template: Activities

Template: Activities This template can be used to detail the activities to be conducted in a security culture campaign. Description Goal: Which goal will this activity help you achieve? (Metrics module) Title: Give the activity a descriptive name: E-learning for Phishing Type: What type of activity is this? (e-learning, classroom, poster, etc) Category: In case you use categories in your…

Template: Audience Analysis

Audience Analysis Template Use this template to analyze your target audience. Each column represent an office location (think multinational), a department (think sales, accounting, IT etc), or subgroups within a department (think personality types, learning preferences). The template comes pre-populated with row-titles. These can be changed depending on your needs and requirements. The purpose of this template is to help…

Template: Setting goals

This template let’s you define goals, and your current situation. Use the template to define your goal(s), and as a basis for a GAP analysis of your current situation compared to your goal. Click the link to download: TemplateSettingGoals