Security Culture

The ideas, customs, and social behavior of a particular people or society
that allow them to be free from danger or threats.

Security Culture Framework recommended by ENISA

ENISA recommends the Security Culture Framework in a new report

Wow, I am so happy to share this news with you! In the Cyber Security Culture in Organisations report by ENISA, they propose a process for building security culture that is based directly on the Security Culture Framework. The report goes to great lengths to describe each element, and even divides them into smaller parts to make them easier to implement.

Why is this such a big deal? ENISA is the EU’s security unit, focusing on policy-making and sharing best practices. When ENISA recommends a process or method, the EU listens. And when the EU listens, things start to happen. Being referred to and recommended by ENISA means that the SCF is officially being used by policymakers, and recommended as a best practice. To all of us using the SCF, all around the world, this is confirmation that we are doing the right thing. Perhaps now it will be easier to get more funding for your security culture programme?

In addition to building on the SCF, ENISA recommends measuring security culture using the CLTRe Toolkit. In these GDPR days, measuring security culture becomes more important too: in Article 32, 1d, GDPR requires organisations to measure the effectiveness of their controls, including the organizational ones. This requirement means that not only do you have to do some activities, you also need to show that the activities have an effect. That is exactly what the SCF is designed to help you with, and what the CLTRe Toolkit measures.

I want to thank you all for making this possible. It has been a long process, as you all know, and something to celebrate during the next Security Culture conference!

 


Kai Roer

Creator of the Security Culture Framework at CLTRe
An engaging and award-winning specialist on security behaviors and security culture, I provide organizations around the world with advice on assessing, building and maintaining good security culture using the Security Culture Framework. I am working with researchers and practitioners worldwide to bring insights on human behavior from a security perspective, thus creating better products, services and organizations.

Recognitions (Selection)
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author

Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010