Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

The Framework: Topics

The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to how to discover social engineering attempts. The Topics module lists topics that are relevant to create and maintain security…

More about Topics

An ordinary data breach

  Recently I received an email from a nursing home. It was not meant for me, and it was full of confidential information. How did that happen? I am the owner of the domain merwe.nl and so I receive any mail addressed to email addresses ending with @merwe.nl. The nursing home has admitted a patient Van de Merwe and they…

What can you change today?

Be holistic! Use Policies, Competence and Technology together to change security behaviors: What can you change today? The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to how to discover…

What activities do you use?

Activities that resonate: Use your security culture activities, to resonate with your target audience. What activities do you use? The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to…

How do you communicate today?

Adapt your message: Make your employees understand by adapting your message to their needs. How do you communicate today? The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to…

Security Awareness Cycle by Tom Mannerud

The Security Awareness Cycle – a supplement to the SCF!

Creating awareness and security culture requires a lot of hard work if you want to succeed. Using the Security Culture Framework, you can design and implement the security culture you want, which is great. The SCF itself offers an over-arching framework within which you can build and maintain your culture – but sometimes you want a more hands-on approach, a…

How secure is your password?

One way to help your users understand what a poor password is, is to demonstrate it for them. With the right equipment, you can easily set up a password cracking lab for a lunch-and-learn (most likely, the IT or security department already have the required tools available). You may also point users to a site like https://howsecureismypassword.net/ where your employees may type…

Promoting an Information Security Culture

Shan Lee of JustEat presenting how to promote a security culture at the Infosecwebinars today. The recorded webcast is available here: A direct link to the webcast page: https://www.brighttalk.com/webcast/288/161635 Shan is using his great humor to convey the message, and it is not dull!

Number 10th Anniversary of the [Security Culture Show #10]

Last year, when Mo and I created the Security Culture Show (podcast, vcast, hangout, whatever you prefer calling it), we had no idea of the level of success we would get. Today marks the tenth show, and we will celebrate a little. Or a lot, depending on what happens, I guess! What I do know, is that the show will…

Discuss and learn