CHAPTER 10: SECURITY CULTURE

Demonstrating to employees that security is there to make their life easier, not harder, is the first step in developing a sound security culture in a company. But before we discuss the actual steps to improve it, let’s first understand the root causes of poor security culture.

Security professionals must understand that bad habits and behaviours tend to be contagious. Malcolm Gladwell, in his book The Tipping Point,28 discusses the conditions which allow some ideas or behaviours to “spread like viruses”. He refers to the broken windows theory to illustrate the power of context. The theory was first presented by Wilson and Kelling,29 who advocated for stopping smaller crimes by maintaining the environment in order ...
