The Competing Security Cultures Framework

Every organization that is concerned about protecting its information assets and systems—basically all organizations in today’s networked and digital society—has an information security culture. The security culture is a facet of the overall organizational culture. Most organizations, in fact, have multiple information security cultures, reflections of local values and priorities, and not everyone inside the organization is going to share the same beliefs and assumptions about how security should and does work. What the information security team values and thinks is most important for protecting the organization will probably be different, at least in degree, from what HR (or Internal Audit, ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.