Search the Community
Showing results for tags 'culture'.
Found 1 result
Greg Witte posted a topic in Implementation GuidanceWe received the following question during the webinar yesterday - Do you have any thoughts around how culture within organizations affect not only CSF but information security overall? I personally think culture has a significant impact. During the workshops, we used the example of how a culture of safety affects that area of influence. If managers are lax about safety, people can get hurt badly and overall quality of company efforts will suffer. If, on the other hand, safety becomes institutionalized, it can become an enabler that brings the team together and creates an advantage. When a culture of common sense risk management becomes institutionalized, I think that security improves throughout. Social engineering attempts work fewer times, phishing emails work less frequently, and the ISSO is called in at the design phase rather than a week before a project goes live. Lastly, some of the information security awareness activities can be a lot of fun. That in itself can benefit the organization. Other thoughts? (Note: We have about a dozen questions that I'll post here for discussion.) Greg