Dear CSO, do you know how to build security culture?
by Kai Roer - Senior Partner, The Roer Group - Wednesday, 14 August 2013.
By theorizing that you have no knowledge about culture and social sciences, I'm making the same mistake right now. Instead of doing serious research, I just look at the CSOs I know to confirm my theory. Then I apply another bias to my somewhat limited sample of evidence - I generalize. By generalizing, I take whatever information I have, and scale it up to make it applicable to what I have set out to prove.

As a writer, I'm allowed to make such errors to make a point. As a scientist, doing the same should be and is a deadly sin. As a human, I'm always going to make these errors. It is, according to science, hardwired in our brains. My responsibility is to exercise strong self-control, and to be humbled for and by the errors I make.

"What does this have to do with security culture?," you may ask. Let us define culture. According to the Oxford dictionary, culture is "the ideas, customs and social behaviors of a particular people or society". By this definition, we see that culture is about the things we all do in a group of people. Security culture may then be the "ideas, customs and behaviors that impact security, both positive and negative, in a particular group of people".

In that definition, security is only a part of the whole, just like security is in most organizations around the world. It is your part, that is right. As I demonstrated above, you are likely the expert on security, but not on human behavior. Setting out to create and maintain security culture in your organization is not a job you should be doing alone.

Consider this instead: If you know security, who knows culture in your organization? And this: why don't you work to build your security culture with those who know culture and human behavior?

Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //