Chapter 11

Security Culture

Abstract

A security culture is the combined set of security-related behaviors exhibited by the people in an organization. A security culture always exists. It may be weak or strong. Peer pressure typically enforces the culture. For example, if everyone within an organization wears a badge, an individual not wearing a badge will feel compelled to put on the badge. An organization should strive to create a strong culture. This typically takes a concerted effort.

Security awareness programs must aim to promote the organization's security governance. We provide guidance for implementing an awareness program that aims to create an organization that encourages strong behaviors, as well as programs that target individuals ...

Get Advanced Persistent Security now with the O’Reilly learning platform.