6 ways to develop a security culture from top to bottom


1. Instill the concept that security belongs to everyone

Many organizations have the opinion that the security department is responsible for security. Sustainable security culture requires that everyone in the organization is all in. Everyone must feel like a security person. This is security culture for everyone. Security belongs to everyone, from the executive staff to the lobby ambassadors. Everyone owns a piece of the company’s security solution and security culture.

2. Focus on awareness and beyond

Security awareness is the process of teaching your entire team the basic lessons about security. You must establish a baseline of each person's ability to judge threats before asking them to understand the depth of those threats. Security awareness has gotten a bad rap because of the mechanisms used to deliver it. Posters and in-person reviews can be boring, but they do not have to be. Add some creativity to your awareness efforts.
On top of general awareness is a need for application security knowledge. Application security awareness is for the developers and testers within the organization. In your organization, they may sit within IT, or they may be the engineering function. AppSec awareness is teaching the more advanced lessons that staff need to know to build secure products and services.

3. If you do not have a secure development lifecycle, get one now

A secure development lifecycle (SDL) is foundational to sustainable security culture. An SDL is the set of processes and activities that your organization agrees to perform for each software or system release. It includes things like security requirements, threat modeling, and security testing activities. The SDL answers the "how" for your security culture. It is sustainable security culture in action.

4. Reward and recognize the people who do the right thing for security

Look for opportunities to celebrate success. When someone goes through the mandatory security awareness program and completes it successfully, give them a high-five or something more substantial. A simple cash reward of $100 is a huge motivator for people, and will cause them to remember the security lesson that provided the money. They also will be quick to tell five co-workers they received cash for learning, and those five will jump into the training quickly. If you are shuddering at the idea of giving away $100 per employee, stop being so cheap and count the cost. The return on investment on preventing just a single data breach greatly outweighs the $100 spent.

5. Build security community

Security community is the backbone of sustainable security culture. Community provides the connections between people across the organization. Security community assists in bringing everyone together against the common problem, and eliminates an "us versus them" mentality.

6. Make security fun and engaging

Last, but certainly not least, is fun. For far too long people have associated security with boring training or someone saying no all the time. To cement a sustainable security culture, build fun and engagement into all the process parts. If you have specific security training, ensure that it is not a boring voice over a PowerPoint presentation. If you engage your community through events, do not be afraid to laugh and goof around some. In my previous role, at each monthly security community event, we started the meeting off with a game of security trivia with a different security category each month. We did hackers in the movies one month and security news in another. This is just an example of how to bring fun and engagement into the process.

Source: techbeacon.com
