Chapter 5. Establishing a Culture of CyberSecurity
‘It is necessary to create a change in attitudes which change the organizational culture. The cultural change is the realization that IT security is critical because a security failure has potentially adverse consequences for everyone. Therefore, IT security is everyone’s job.’
|--US National Institute of Standards and Technology|
When thinking about the term organizational culture, what is the first thing that pops into your mind? Most will respond with something like: ‘It’s how we do things around here.’ That may be true, but it only begins to address the implications of culture.
Whether or not culture can be clearly defined, it is obvious that it exists and impacts how things get done; it critically ...