Jump to content

Search the Community

Showing results for tags 'culture'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Categories

  • Founder
  • Platinum
  • Gold
  • Silver
  • Partners

Forums

  • Framework 101
    • Webseries
    • Tiers
    • Profiles
    • Framework Core
  • General
    • Implementation Guidance
    • Solutions
    • Framework in the News
    • Supply Chain Risk Management
    • Success Stories
    • General Discussion
  • Version 2.0
    • Governance
    • Technical Qualifications
    • Updates and Improvements
  • Workshop
    • Feedback
  • Members
    • Member's Lounge
  • BSI RFI Responses

Blogs

  • Team CForum
  • Mike Brown's Blog
  • Tom.Conkle's Blog
  • Tony Sager's Blog
  • RonGula's Blog
  • Whitsitt on the NIST Framework
  • Frank Downs' Blog
  • Thoughts from Greg
  • matthew.smith's Blog

Categories

  • General
  • BSI RFI Responses
  • Guides
  • Templates
  • Example Profiles
  • Other Resources

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


ICQ


Yahoo


Jabber


Skype


Location


Interests


First


Last


Middle


Company Name


Sector


Affiliations


Country

Found 1 result

  1. We received the following question during the webinar yesterday - Do you have any thoughts around how culture within organizations affect not only CSF but information security overall? I personally think culture has a significant impact. During the workshops, we used the example of how a culture of safety affects that area of influence. If managers are lax about safety, people can get hurt badly and overall quality of company efforts will suffer. If, on the other hand, safety becomes institutionalized, it can become an enabler that brings the team together and creates an advantage. When a culture of common sense risk management becomes institutionalized, I think that security improves throughout. Social engineering attempts work fewer times, phishing emails work less frequently, and the ISSO is called in at the design phase rather than a week before a project goes live. Lastly, some of the information security awareness activities can be a lot of fun. That in itself can benefit the organization. Other thoughts? (Note: We have about a dozen questions that I'll post here for discussion.) Greg
×