As a writer, I'm allowed to make such errors to make a point. As a scientist, doing the same should be and is a deadly sin. As a human, I'm always going to make these errors. It is, according to science, hardwired in our brains. My responsibility is to exercise strong self-control, and to be humbled for and by the errors I make.
"What does this have to do with security culture?," you may ask. Let us define culture. According to the Oxford dictionary, culture is "the ideas, customs and social behaviors of a particular people or society". By this definition, we see that culture is about the things we all do in a group of people. Security culture may then be the "ideas, customs and behaviors that impact security, both positive and negative, in a particular group of people".
In that definition, security is only a part of the whole, just like security is in most organizations around the world. It is your part, that is right. As I demonstrated above, you are likely the expert on security, but not on human behavior. Setting out to create and maintain security culture in your organization is not a job you should be doing alone.
Consider this instead: If you know security, who knows culture in your organization? And this: why don't you work to build your security culture with those who know culture and human behavior?
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.