6 ways to develop a security culture from top to bottom

-

 Image result for IMAGE OF A CAREER LEADER

1. Instill the concept that security belongs to everyone

Many organizations have the opinion that the security department is responsible for security. Sustainable security culture requires that everyone in the organization is all in. Everyone must feel like a security person. This is security culture for everyone. Security belongs to everyone, from the executive staff to the lobby ambassadors. Everyone owns a piece of the company’s security solution and security culture.

2. Focus on awareness and beyond

Security awareness is the process of teaching your entire team the basic lessons about security. You must level set each person’s ability to judge threats before asking them to understand the depth of the threats. Security awareness has gotten a bad rap because of the mechanisms used to deliver it. Posters and in-person reviews can be boring, but they do not have to be. Add some creativity into your awareness efforts.
On top of general awareness is a need for application security knowledge. Application security awareness is for the developers and testers within the organization. In your organization, they may sit within IT, or they may be the engineering function. AppSec awareness is teaching the more advanced lessons that staff need to know to build secure products and services.

3. If you do not have a secure development lifecycle, get one now

Secure development lifecycle (SDL) is foundational to sustainable security culture. An SDL is the process and activities that your organization agrees to perform for each software or system release. It includes things like security requirements, threat modeling, and security testing activities. SDL answers the how for your security culture. It is sustainable security culture in action.

4. Reward and recognize those people that do the right thing for security

Look for opportunities to celebrate success. When someone goes through the mandatory security awareness program and completes it successfully, give them a high-five or something more substantial. A simple cash reward of $100 is a huge motivator for people, and will cause them to remember the security lesson that provided the money. They also will be quick to tell five co-workers they received cash for learning, and those five will jump into the training quickly. If you are shuddering at the idea of giving away $100 per employee, stop being so cheap and count the cost. The return on investment on preventing just a single data breach greatly outweighs the $100 spent.

5. Build security community

Security community is the backbone of sustainable security culture. Community provides the connections between people across the organization. Security community assists in bringing everyone together against the common problem, and eliminates an "us versus them" mentality.

6. Make security fun and engaging

Last, but certainly not least, is fun. For far too long people have associated security with boring training or someone saying no all the time. To cement a sustainable security culture, build fun and engagement into all the process parts. If you have specific security training, ensure that it is not a boring voice over a PowerPoint presentation. If you engage your community through events, do not be afraid to laugh and goof around some. In my previous role, at each monthly security community event, we started the meeting off with a game of security trivia with a different security category each month. We did hackers in the movies one month and security news in another. This is just an example of how to bring fun and engagement into the process.

SOURCE:techbeacon.com

Comments

Post a Comment

Popular posts from this blog

Top 7 Ways To Hold On To Your Dreams

-
By:   Deborah Brown Have you given up on your dreams? Would you like to get them back? Many of us give up on our dreams. Often our dreams slip away without our even realizing it. Our dreams are who we are. They give us an incentive to get out of bed everyday. They are the reason we were born, and our destiny to fulfill while we are here. They are within your grasp. And yes, they can come true. It's up to you to decide if they will. What can you do if you've given up on your dreams? Follow these easy steps: Remember you are worth it. You deserve to live your dreams. Recognizing this is the hardest and most necessary step. Most of us think that only other people get to live their dreams. Only other people are lucky enough, not us. We think we don't deserve it but the only thing these thoughts do is keep us from moving forward. Remember that your dreams are important. Once you know how important living your dreams is to your health and mental well being, then yo
Read more »---->

7 Effective Ways to Develop Your Negotiation Skills

-
Image
1. Practise Saying ‘No’ Human beings are programmed to be non-confrontational. From a young age, we’re taught to follow orders or else get punished, and as adults, we’re taught the same thing. Time and again, we’re told to ‘let it go’ and ‘just go with the flow’ so we don’t upset the client or the boss. This lifelong habit of avoiding confrontation and just saying ‘yes’ weakens your negotiation skills. But not to worry; you can still reprogramme your mind by practising saying ‘no’. You can start with something small like going home on time or refusing to work extra hours, especially if you’re already raking in too much overtime. If that seems like a big step for you, then you can start by saying ‘no’ to that annoying colleague who loves sabotaging your healthy eating habits by tempting you with a piece of chocolate cake. These might seem like small steps, but taking the opportunity to say ‘no’ to minor instances will help you say ‘no’ to bigger things – whether it’s
Read more »---->