CHAPTER

4

Cultural Threats and Risks

Having covered the ground of the previous three chapters, we’re left with a lot of circumstantial evidence regarding the relationship between information security and organizational culture. But where does the rubber hit the road? Where is the tangible, empirical interface between culture and security that allows us to imagine, observe, and design around the challenges and opportunities of our own security cultures?

Cultural Threat Modeling

In recent years the security industry has taken an interest in threat-centric security approaches, which attempt to address the actors responsible for security incidents instead of focusing on the weaknesses that such actors might exploit (vulnerability-centric approach) ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.