Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Template: Project Team Members


Review the following roles, confirm responsibilities, add roles as needed and confirm team structure, e.g., core vs. extended team.  This template is just that – a template you can (and should) change to your needs.

Security Culture Program Governance

As with any other projects and programs you undertake, you should have governance in place. These are the key people who support and own your program, and whom you report to.

Security Culture Program Core Team

This is the main security culture program work group. You may use one person for several roles, although it is usually better to try to have different people for the different roles.

Security Culture Program Optional team members

If your organization are large, you may consider including the following resources in your security culture program, or in each campaign run by your program. Other roles than listed here can be useful too.

Security Culture Program External Team

Provide expertise and guidance regarding specific functions and/ or responsibilities, as well as particular needs and requirements of different departments, systems, locations etc.

Other roles than those listed here can be useful. Consider the people who can provide value to the program, its content and its successful implementation.

Security Culture Campaign Team

A Campaign team is responsible for setting up, implementing and measuring a campaign (usually 12 weeks). This team can be the same as the Program Core Team, or it can be a separate group. The team can be responsible for a single campaign, or a series of campaigns. In larger organizations, you can run several campaign teams in parallel, all reporting to the Program Core Team.

Download template here: Project Team Member Roles and Responsibilities (PDF)

Engage me!

Kai Roer

Creator of the Security Culture Framework at CLTRe
An engaging and award winning specialist on security behaviors and security culture, I provide organizations around the world with advice on assessing, building and maintaining good security culture using the Security Culture Framework. I am working with researchers and practitioners worldwide to bring insights on human behavior from a security perspective, thus creating better products, services and organizations.

Recognitions (Selection)
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author

Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Engage me!