Building a ‘Thoughtful Security Culture’
Perry Carpenter on SecurityInfowatch.com advises on creating a “thoughtful security culture”.
“Awareness of the critical importance of data security,” he writes, “has been heightened during the pandemic with high-profile security breaches frequently in the news.”
“By understanding their current state,” Carpenter adds, “organizations can take steps to make improvements and close gaps where most needed. The elements of a security culture include:
• Attitudes – employees’ feelings and beliefs about security protocol and issues.
• Behaviors – employee behaviors and actions that directly or indirectly impact organizational security.
• Cognition – employees’ understanding, knowledge and awareness of security issues and activities.
• Communication – the quality of communication channels used to discuss security-related topics, made even more important in a hybrid work environment.
• Compliance – employees’ level of knowledge of security policies and their adherence to those policies.
Norms – employees’ knowledge of and adherence to the ‘unwritten rules’ of security conduct in the workplace and now, increasingly, in work-from-home environments.
Responsibilities – employees’ perceptions of their role in aiding or damaging the security of the organization.”
Building a security culture, Carpenter rightly notes, is “a process, not an event.”