Doug Bedell — September 22, 2021, 12:07 pm

Building a ‘Thoughtful Security Culture’

Perry Carpenter on advises on creating a “thoughtful security culture”.

“Awareness of the critical importance of data security,” he writes, “has been heightened during the pandemic with high-profile security breaches frequently in the news.”

“By understanding their current state,” Carpenter adds, “organizations can take steps to make improvements and close gaps where most needed. The elements of a security culture include:

• Attitudes – employees’ feelings and beliefs about security protocol and issues.
• Behaviors – employee behaviors and actions that directly or indirectly impact organizational security.
• Cognition – employees’ understanding, knowledge and awareness of security issues and activities.
• Communication – the quality of communication channels used to discuss security-related topics, made even more important in a hybrid work environment.
• Compliance – employees’ level of knowledge of security policies and their adherence to those policies.
Norms – employees’ knowledge of and adherence to the ‘unwritten rules’ of security conduct in the workplace and now, increasingly, in work-from-home environments.
Responsibilities – employees’ perceptions of their role in aiding or damaging the security of the organization.”

Building a security culture, Carpenter rightly notes, is “a process, not an event.”

No Comments »

RSS feed for Comments on this post.

No comments yet.

Leave a comment

Plain text comments only.