How to build and maintain security culture in any organization
Posted on 23-Aug-2014
SECURITY CULTURE
by Kai Roer
ISACA Nordic Conference, Oslo, 2014
SECURITY CULTURE
Say what…?
WHAT IS CULTURE?
the ideas, customs, and social behavior of a particular people or society
Ref: Oxford Dictionary
WHAT IS SECURITY?
• the state of being free from danger or threat
• the state of feeling safe, stable, and free from fear or anxiety
Ref: Oxford Dictionary
SECURITY CULTURE
the ideas, customs, and social behavior of a particular people or society, that help them be free from danger or threat
Ref: K. Roer
CREATING
a Security Culture Program
INTRODUCING: THE SECURITY CULTURE FRAMEWORK
WHERE TO START
1. Set up your team
2. Define your goals, and how to know you reach them (To-Be)
3. Measure your current status (As-Is)
4. Define target audience(s)
5. Choose relevant topic(s) and activities
6. Plan and execute
7. Measure and Revise
8. Restart
WHY A PROGRAM
• Culture is constantly evolving
• Organizations change
• People change
• Not one training to save them all!
MORE THAN TRAINING
• Security Culture must be nurtured
• Support business
• Create understanding and awareness
• On-going
• One step at a time
THANKS, ISACA 2014!
• http://theroergroup.com
• http://roer.com
• https://scf.roer.com
• @kairoer
SOURCES OF INFORMATION
• The Security Culture Framework project
• Research
• SANS
• The Analogies Project
• The Security Awareness Framework project