Security culture comprises the values, norms, beliefs, attitudes, and assumptions that are built into the daily operations of your organisation.
It is reflected in the actions and behaviours of all staff, personnel and stakeholders involved with your organisation. Security is everyone’s responsibility—including high-level management and operational staff—and a positive security culture is built and reinforced across all levels of an organisation. When security is included as part of core business goals and values, everybody is clear on their role, and everybody benefits.
A positive security culture is about:
Security culture goes beyond security awareness, and good security awareness does not automatically imply good security culture. Policies, procedures, and the environment created by an organisation that can enable an understanding of security at a deeper institutional level, results in positive and effective practice and outcomes.
A positive security culture means that security is in the DNA of your organisation and an integral part of everything people do.
|Previous page: Security culture guidance
|Next page: Why do organisations need good security culture?