How to build and maintain security culture in any organization
DESCRIPTION
These are the slides from a presentation I gave at the ISACA Nordic Conference in Oslo 2014, where I discuss what culture is, why it is important, and propose one way to build and maintain security culture by using the Security Culture Framework. You can read the transcript at my blog: http://roer.com/2014/04/08/build-maintain-security-culture/ which will help you make more sense of the slides!
TRANSCRIPT
SECURITY CULTURE
by Kai Roer
ISACA Nordic Conference, Oslo, 2014
SECURITY CULTURE
Say what…?
WHAT IS CULTURE?
the ideas, customs, and social behavior of a particular people or society
Ref: Oxford Dictionary
WHAT IS SECURITY?
• the state of being free from danger or threat
• the state of feeling safe, stable, and free from fear or anxiety
Ref: Oxford Dictionary
SECURITY CULTURE
the ideas, customs, and social behavior of a particular people or society, that help them be free from danger or threat
Ref: K. Roer
CREATING a Security Culture Program
INTRODUCING: THE SECURITY CULTURE FRAMEWORK
WHERE TO START
1. Set up your team
2. Define your goals, and how to know you reach them (To-Be)
3. Measure your current status (As-Is)
4. Define target audience(s)
5. Choose relevant topic(s) and activities
6. Plan and execute
7. Measure and Revise
8. Restart
WHY A PROGRAM
• Culture is constantly evolving
• Organizations change
• People change
• Not one training to save them all!
MORE THAN TRAINING
• Security Culture must be nurtured
• Support business
• Create understanding & awareness
• On-going
• One step at a time
THANKS, ISACA 2014!
• http://theroergroup.com
• http://roer.com
• https://scf.roer.com
• @kairoer
SOURCES OF INFORMATION
• The Security Culture Framework project
• Research
• SANS
• The Analogies Project
• The Security Awareness Framework project