24/7: Focusing 24 Hours a Day on These 7 Dimensions = Secure Culture
Have you found yourself wondering what the trick is to a more security-aware culture?
Do you lay awake at night trying to figure out how to influence your employees to take personal responsibility for securing the organization? Well, wonder no more. We have done all of the work for you.
Through our groundbreaking research, not only have we been able to validate the link between a secure culture and more secure behavior, we have the data that unequivocally provide conclusive evidence on the importance of focusing on the human element. By examining the behavior and security culture of 97,661 employees across 1,115 organizations worldwide, we have been able to demonstrate that the link exists between the level of security culture in an organization and the measure of secure behavior of its employees.
But how, you may ask. Our research has found that information about these dimensions is vital when it comes to improving security culture and reducing risk within the organization. Knowing what these dimensions are, how they relate to security and how they can be positively influenced, will provide practitioners with the tools and practical advice needed to start building and improving security culture in organizations.
The Seven Core Dimensions are:
- Attitude – the feelings and beliefs that employees have towards security protocols and issues.
- Behavior – the actions and activities of employees that have direct or indirect impact on the security of the organization.
- Cognition – the employees’ understanding, knowledge and awareness of security issues and activities.
- Communication – the quality of communication channels to discuss security-related events, promote sense of belonging and provide support for security issues and incident reporting.
- Compliance – the knowledge of written security policies and the extent that employees follow them.
- Norms – the knowledge of and adherence to unwritten rules of conduct in the organization.
- Responsibility – how employees perceive their role as a critical factor in sustaining or endangering the security of the organization.
By using the seven Dimensions as a guide, you can start to dig into the real landscape of your organization to determine where the gaps in your security culture are that need focus. Since you are looking for the best marriage of the Dimensions, you may find that you communicate relatively well, but your employees seem challenged with interpreting those communications to their roles. So, clearer, more role-connected messaging may help in bridging that gap. Or, you may find that your employees have a strong interest in being more secure, but they just do not know how to get there. Perhaps this finding may lead you to more continuous training and testing.
The seven Dimensions will provide you with a great starting place to evaluate your current environment and provide the dock to anchor your findings on your way to creating a more secure culture.