CHAPTER

2

Strategy for Breakfast: The Hidden Power of Security Culture

For an industry that is so grounded in engineering and technology, information security can appear quite unscientific to those outside of the field. Your organization’s information security team can probably inundate you with reams of data about security operations and posture, including product performance benchmarks, security event logs, patches applied, and events counted. But the industry struggles to satisfactorily answer the question of why one organization’s security strategy seems to protect the organization, while another’s efforts fail miserably. It’s almost like fate or the wrath of the gods is involved. We seem to know everything about how information security ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.