Free and Open
The Security Culture Framework is a free and open framework to build and maintain security culture in any organization. It was created by Kai Roer and have become a thriving community with contributors from around the world.
A strong Community
The Security Culture Framework consists of members and users from around the world – from Australia, via Thailand and China, to EU via Africa, to the USA via South and Latin Americas. All around the world, the need is the same: a community to learn and share how to build and maintain security culture.
A Simple Process
The Security Culture Framework focus on the basics – there are plenty of examples of frameworks that get so complex and complicated that no-one are able to successfully implement them. By focusing on simplicity, the Security Culture Framework allow you to do the important things: transforming culture!
It is simplicity at its best!
Campaigns that makes sense
The key in the Security Culture Framework is the Security Culture Campaign – the activities you do in a timed session; (think of it as a short project) aimed at achieving a particular objective; for a specific group.
Use Existing Content
The Security Culture Framework is a generic approach aiming to fill the gaps in the way security awareness is currently being done. We believe there are great trainings and security awareness content available – from internal and self-made activities, via SANS to commercial offerings. The SCF is not a replacement for such content – instead, we help you maximize your investment by following best practices and by implementing a simple process to handle your security awareness activities in a way that helps you build and maintain good security culture.
There are many ways to get help when you need to get yourself unstuck.
Join the Community
We welcome anyone interested in security culture to join the community. It is free, all you have to do is to register. Share your questions and experience with others to help improve our industry.
Should you need any help with implementing the framework in your organization, just ask for help! A Certified Security Culture Practitioner have completed a five week training course, and the work has been controlled by our trainers to ensure the Practitioner know how to build and maintain security culture using the Security Culture Framework. Some of the Practitioners also offer consulting, so you can bring them on board to help you succeed!
Every summer, the Security Culture Summer Camp creates new Certified Security Culture Practitioners. The Summer Camp is open to anyone who want to join, just sign up!
The Security Culture Framework is licensed using the Creative Commons Share Alike license. This basically mean you are free to use, alter and play with the framework, also in a commercial setting, as long as you a) inform where you found it (use a link back to us), and b) share the adjustments you make back to the community. Where better to do that, than here?
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Do you need a different kind of license? Contact us to discuss your needs.
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author
Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Latest posts by Kai Roer (see all)
- Notice of Breach - 07/12/2018
- Security Culture Framework Forum moved to LinkedIn Groups - 15/11/2018
- Security Culture Framework recommended by ENISA - 10/02/2018