Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

My organization?

My organization, what do they know about security that may help me? You may ask when first learning about the Security Culture Framework in the organization module. As the expert at information security you are sure about that you have all the skills needed to educate your organization in how they shall adapt to the security rules that you have…

An ordinary data breach

  Recently I received an email from a nursing home. It was not meant for me, and it was full of confidential information. How did that happen? I am the owner of the domain merwe.nl and so I receive any mail addressed to email addresses ending with @merwe.nl. The nursing home has admitted a patient Van de Merwe and they…

Culture includes both the artist and their audience

  What does the word “culture” mean to you? When I think of culture I think of it as something that encompasses an entire society of people, not just a subset; so a security culture should consist of everyone within the scope of a security domain – whether that’s an organisation, group, location or other defined range. That said, your…

How do you define your goals?

Know your goal Your security culture program success is a direct result of your direction and your goals. How do you define your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

The Security Culture Framework community wishes you a Happy Holiday Season!

2015 have been an amazing year for the Security Culture Framework! Here are a few highlights: More than 400 organisations worldwide use the SCF We have doubled the number of SCF Members in less than 6 months The Security Culture Conference 2015 was a huge success, drawing people from around the world to Oslo to discuss and learn about culture…

What can you change today?

Be holistic! Use Policies, Competence and Technology together to change security behaviors: What can you change today? The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to how to discover…

What are your goals?

Measure your success: Define clear goals using the SMART makes it easy to know if you fail or succeed. What are your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module: https://securitycultureframework.net/category/framework/metrics/

How Culture Impacts Negotiations

Security culture is not only about avoiding phishing, or setting strong passwords. Security culture also includes communication with others, and when communicating, we often find ourselves in a negotiation. Have you ever failed utterly at a negotiation, and later considered that perhaps differences in cultures was at play?

In this HBR video, you can learn how different cultures impacts how we negotiate, what is acceptable social behavior during negotiation, and how trust is built.

Should you prefer to, you may read the HBR article too, it is in-depth with nice examples.

How do you see culture creates barriers for security culture in your organisation? How can you use your new knowledge of culture and trust to break down those barriers?

Photo Credit.

Why you should invest in security culture

Security investments is often seen as buying either hardware or software to protect our assets, both physical and logical, often this is not enough to ensure that we achieve the security levels we seek. The missing part of the investments is often in building knowledge, culture and understanding. If we provide people with valuable assets, such as information, we must…

Metrics, a technical drill down

We all see that the goal is one of the most important parts in a journey, but without a clear understanding on where we are at the moment it is hard to know how long the journey will take and even in what direction the journey should start. In the security culture framework we do take care of ensuring that…

%d bloggers like this: