Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Template: Activities

Template: Activities

This template can be used to detail the activities to be conducted in a security culture campaign.


Goal: Which goal will this activity help you achieve? (Metrics module)

Title: Give the activity a descriptive name: E-learning for Phishing

Type: What type of activity is this? (e-learning, classroom, poster, etc)

Category: In case you use categories in your taxonomy

Resources required: Which resources (people, equipment, rooms etc) do you need?

Cost: What is the needed budget?

Source/Supplier: Where will you get the activity from? Internal? Supplier? Download? Details are good!

Owner of Activity: Who is the internal owner for this activity? This person is in charge of sourcing, QA, running the activity and evaluating the efforts afterwords.

Why is this a good activity: Explain why / how this activity will help you reach your defined goal. You may not remember 6 or 12 months from now.

Ordered: Depending on your preferences: Tick a box, or add the date of the order.

By whom: Add the name of the person who ordered it.

Activity to start: When does this activity start? Date is good, time of day even better!

Activity to end: When is this activity finished?

Completed: Tick the box, sign, and/or add your name/signature.

Date: As above.

Results: What are the results from running this activity? Unless you have set a metric measuring this particular activity, use metrics from the campaign. The more detailed you are, the better. The purpose here is to add information you can use to analyze and backtrack your steps later on.

Changes for the next run: Write down your thoughts and ideas for changing this particular activity next time you will run it. Any ideas goes. You may also want to explain why you want those changes – you may not remember your thoughts a year from now.

Notes: Anything goes here.

Download the template (PDF): template_activities

Engage me!

Kai Roer

Creator of the Security Culture Framework at CLTRe
An engaging and award winning specialist on security behaviors and security culture, I provide organizations around the world with advice on assessing, building and maintaining good security culture using the Security Culture Framework. I am working with researchers and practitioners worldwide to bring insights on human behavior from a security perspective, thus creating better products, services and organizations.

Recognitions (Selection)
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author

Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Engage me!