an overview of the security culture framework, and the services around it
DESCRIPTION
In this presentation, we introduce the Security Culture Framework (the free and open framework to build and maintain security culture), and explain how the Community, 3rd party partners and The Roer Group works together to create a full ecosystem of security culture. You can join the movement at https://scf.roer.comTRANSCRIPT
https://scf.roer.comNavigating To Your Goal
The Security Culture Framework
https://scf.roer.com
The ideas, customs, and social behavior of a
particular people or society, that allows them to be free
from danger or threats.
Security Culture
“”Kai Roer, Founding Partner
https://scf.roer.comA Quick Introduction
The Security Culture Framework
https://scf.roer.com
● Assess where you currently are○ Create baselines○ Understand what to measure○ Understand how to measure
● Visualise where you would actually like to be○ Define clear (SMART) goals○ Describe the goal using metrics
The Security Culture Framework
Know Your Goals
https://scf.roer.com
● Look at who you will need to involve along the journey○ HR, Marketing and PR○ CxO, Employees, Stakeholders
● Analyze the audience○ Who are my target audience?○ What do they care about?○ How do they communicate?○ How do I best adapt the security
message to their needs?
The Security Culture Framework
Know Your Audience
https://scf.roer.com
● Choose and use topics and activities that leads towards your defined goals
● Use different activities to build competence
● Drive behavioral change through topics and activities that are relevant to your program
The Security Culture Framework
Know Your Topics
https://scf.roer.com
● Plan for success!● Organize the work in time-limited
Campaigns to help you stay in control● Run campaigns in parallel in larger
organizations to target different audiences, topics and goals
● Run Campaigns in series to build a complete security culture program
The Security Culture Framework
Know Your Plan
https://scf.roer.comPlotting a Course
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● The framework is free and open● Download templates● How-To guides for each template● Published with a Creative Commons
license. ● https://scf.roer.com
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● Manage your own Security Culture Program
● Use internal resources● Low budget, full ownership● Total control
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● Use the Community for support and learning
● Free and open access● Register to post questions and
comments ● Help build and spread the
competence!
https://scf.roer.comSafe Navigation
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
Manage InternallyCertified Consulting Partner
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
● Partners to help:○ Design and manage program○ Execute program○ Run metrics and revisions
● Certified partners available in USA and Europe
https://scf.roer.comBuilding Your Crew
The Security Culture Framework
https://scf.roer.com
Learn! by Roer
Internal Training Program
Certification
Online
Tools
SCFApplication
Intelligence
Reports
Consulting
Security Culture Program
Security Culture Campaign
Coaching
On-Site
Remote
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
Learn! by Roer
Internal Training Program
Certification
Online
● Professional training○ Online (recorded and live)○ On-Site (adapted to your needs)○ Certified Security Culture Practitioner
● Options○ Keynotes○ Talks and Workshops○ Round Table Facilitation
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Campaign Mode○ 12 weeks campaign○ Define goals, target audience and activities○ Execute, Measure and Report
● Program Mode○ 18 months○ Up to 6 Campaigns in serie○ Program goals breaks down to Campaign goals
Consulting
Security Culture Program
Security Culture
Campaign
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Remote Coaching○ Phone and email○ Unlimited* access to coach○ Fixed fee = low risk
● On-Site Coaching○ Phone, email and On-Site○ Unlimited* access to coach○ Fixed fee** = low risk
Coaching
On-Site
Remote
*: Unlimited access means a maximum of 10 coaching hours per month. **: Fixed fee does not include travel+accommodation as required.
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Intelligence○ What are the trends?
● Reports○ How do we compare to others?
● SCF Application○ Manage your Security Culture Program○ Annual SubscriptionTools
SCFApplication
Intelligence
Reports
The Security Culture Framework
Services from The Roer Group
https://scf.roer.comResults Ahead!
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
Manage InternallyCertified Consulting Partner
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Learn! by Roer
Internal Training Program
Certification
Online
Tools
SCFApplication
Intelligence
Reports
Consulting
Security Culture Program
Security Culture
Campaign
Coaching
On-Site
Remote
https://scf.roer.comYour Next Step
The Security Culture Framework
https://scf.roer.com
https://scf.roer.com
Join the communityGet Answers
Download TemplatesEngage and Learn
Build Security Culture!
https://scf.roer.comhttps://scf.roer.com
Start Today!