CHAPTER 7: BUILDING SECURITY CULTURE

In this chapter we take a look at the Security Culture Framework, and explain how a methodology helps organisations develop and maintain good security culture.

Building and maintaining security culture is like any other process you manage: continuous, planned, controlled and audited. I am sure you are familiar with the PDCA (Plan, Do, Check, Act) flow of process management from the ISO/IEC and other standards. What you may not know is that the same pattern of planning, doing, checking the results and implementing necessary changes (act) also works great when it comes to working with people.

After many years of listening to frustrated security professionals who felt they had failed in building security awareness, ...
