CHAPTER 3: HOW DOES SECURITY CULTURE RELATE TO SECURITY AWARENESS?

In this chapter, we look at how security culture comprises security awareness, and how security culture succeeds where awareness alone is doomed.

In the previous chapter I discussed how security culture is more than people and competence; culture includes the rules, laws and regulations, as well as the technology we use. Security awareness belongs in the people and competence part of the triangle.

Security awareness is a limited area, as well as a poorly defined one. There is no commonly agreed upon definition of security awareness, which in turn means that a common understanding of what security awareness really is, is non-existent. Almost everyone I talk to has their own idea ...

Get Build a Security Culture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.