CHAPTER

16

Behavior and Culture: Mastering People-Centric Security

In Chapter 8 I discussed how to implement a security culture diagnostic project, including how to get support for the project, how to execute the project, and how to interpret and use the results collected from the Security Culture Diagnostic Survey (SCDS) instrument. Chapter 9 made the point that diagnosing and measuring security culture is not the same thing as improving and transforming it. Now that I have presented both the Competing Security Cultures Framework (CSCF) and the Security FORCE Behavioral Model in depth, we can consider how these two complementary frameworks can be combined to create comprehensive people-centric security transformation.

What Does Security Culture ...

Get People-Centric Security: Transforming Your Enterprise Security Culture now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.