CHAPTER

2

Strategy for Breakfast: The Hidden Power of Security Culture

For an industry that is so grounded in engineering and technology, information security can appear quite unscientific to those outside of the field. Your organization’s information security team can probably inundate you with reams of data about security operations and posture, including product performance benchmarks, security event logs, patches applied, and events counted. But the industry struggles to satisfactorily answer the question of why one organization’s security strategy seems to protect the organization, while another’s efforts fail miserably. It’s almost like fate or the wrath of the gods is involved. We seem to know everything about how information security ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.