Implementing a Successful Security Culture Diagnostic Project
We’ve covered a lot of territory in this part of the book, including a framework (Chapter 5) and a survey (Chapter 6) for measuring an organization’s information security culture, and security culture maps for visualizing and communicating the survey results (Chapter 7). As you’ve read, you can interpret the data collected from such measurement projects not only to understand where your security culture is today, but also to determine where you want your security culture to be in the future. But one question still remains: how does an organization actually perform a security culture assessment? This chapter tackles that question, discussing how you can get support for diagnosing ...