Introduction
What is security culture?
Security culture is a set of security-related norms, values, attitudes and assumptions that are inherent in the daily operation of an organization and are reflected by the actions and behaviours of all entities and personnel within the organization. Security should be everyone's responsibility - from the ground up and top down. Effective security culture is about:
- Recognizing that effective security is critical to business success;
- Establishing an appreciation of positive security practices among employees;
- Aligning security with core business goals; and
- Articulating security as a core value rather than as an obligation or a burdensome expense.
Benefits
The benefits of an effective security culture include:
- Employees are engaged with, and take responsibility for, security issues;
- Levels of compliance with protective security measures increase;
- The risk of security incidents and breaches is reduced, given that employees are thinking and acting in more security-conscious ways;
- Employees are more likely to identify and report behaviours/activities of concern;
- Employees feel a greater sense of security; and
- Security is enhanced without the need for large expenditure.