BEST PRACTICES FOR BUILDING A SECURITY CULTURE PROGRAM

Security culture needs to be defined in a way that makes it easy to understand, easy to measure and easy to manage.

Published January 6, 2021 in Atlantic Pacific



Nowadays, there is a lot of talk about security culture and how we can make organizations embrace and build it. But how does one go about building a security culture? How can it be measured, improved or changed?

In many cases, organizations are approaching security culture the wrong way. One of the main reasons for this is that they approach a culture change program the same way they would roll out a strategic change.

Allow me to illustrate with an example.

Most of us are familiar with Martin Luther King Jr.’s famous phrase, “I have a dream.” This is an example of someone who understood that a cultural change was needed, and to facilitate that change, he needed to appeal to people’s emotions. He needed to share a vision of hopes and dreams. Consider if he had made the same speech, but instead of saying he had a dream, he had started off by saying he had a seven-point strategic plan on how to achieve equality. The message may have been the same, but it would have been received very differently.

Changing the security culture of an organization is not something that can be easily captured within a single blog post. It would likely take a book (or two) to fully flesh out the ideas and concepts.

But for those looking to embark on a culture change program, the following three pillars can serve as a good foundation to start from:

Understand What Needs to Change

Before diving headlong into a culture change program, it is essential to understand what aspects of culture need to be changed. It’s easy to say that an organization needs a security culture, but which behaviors does that translate into?

To view the original article: https://www.securityinfowatch.com