Security and technology leaders around the world are becoming much more focused on the importance of improving their enterprise security culture as a vital component of overall risk management. The need to provide tools, training and other technology aids to staff is well-documented, but how can this be done in our fast-paced, ever-changing online world as cyberthreats evolve?
To deliver on the ongoing promises of effective security awareness training for all employees, technical training for select professionals, or targeted cyber training renamed with stronger terms, how can cybersecurity improvements be incorporated into an organization’s DNA?
In a blog written last year for netwrix.com that offers several helpful tips, a security culture is defined as “a healthy mix of knowledge and follow-through.”
Tim Ferriss shared his definition of security culture as: “what happens when people are left to their own devices.”
3 Questions on Security Culture
But before I offer you some basic questions to get started, here’s a small sampling (from just the past few weeks) of the many articles that pop up when you google the term “security culture.”
- InfoSecurity Magazine: How to Establish Visibility, Governance and a Security Culture for Multi-Cloud
- TechRadar: Tackling cybercrime with a culture of security
- Manila Bulletin: BPI’s strong security culture
- iTechPost: The human factor in network security
All of these articles offer helpful tips and insights; however, these (and most other) articles rarely touch on the vital, yet basic, questions and analysis that are so central to security programs’ success.
Here are three basic questions, which may seem simple at first, but offer tremendous value. If the answer is “no” to these, think of strategies to drive that behavioral change.
1) Do your employees truly value security? How do you know?
In over 30 years in (Read more...)
*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/security-culture-questions-to-consider.html