Dear CSO, do you know how to build security culture?
by Kai Roer - Senior Partner, The Roer Group - Wednesday, 14 August 2013.
By theorizing that you have no knowledge about culture and social sciences, I'm making the same mistake right now. Instead of doing serious research, I just look at the CSOs I know to confirm my theory. Then I apply another bias to my somewhat limited sample of evidence - I generalize. By generalizing, I take whatever information I have, and scale it up to make it applicable to what I have set out to prove.

As a writer, I'm allowed to make such errors to make a point. As a scientist, doing the same should be and is a deadly sin. As a human, I'm always going to make these errors. It is, according to science, hardwired in our brains. My responsibility is to exercise strong self-control, and to be humbled for and by the errors I make.

"What does this have to do with security culture?," you may ask. Let us define culture. According to the Oxford dictionary, culture is "the ideas, customs and social behaviors of a particular people or society". By this definition, we see that culture is about the things we all do in a group of people. Security culture may then be the "ideas, customs and behaviors that impact security, both positive and negative, in a particular group of people".

In that definition, security is only a part of the whole, just like security is in most organizations around the world. It is your part, that is right. As I demonstrated above, you are likely the expert on security, but not on human behavior. Setting out to create and maintain security culture in your organization is not a job you should be doing alone.

Consider this instead: If you know security, who knows culture in your organization? And this: why don't you work to build your security culture with those who know culture and human behavior?

Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //