About a week ago, I was having a chat to Jacqui Loustau at a Last Tuesday of the Month (LTOTM) event about a blog article for the AWSN to promote ‘Safer Internet Day’. After some discussion and a few glasses of red, we landed on a topic that will resonate with many information security folks – how to actually plant the seed for security culture change.
Many security professionals are fortunate to work within great companies or with great consulting clients, so we spend a lot of time talking about the benefits of security culture, what is best practice and what our peers in the industry are achieving. In our excitement and zest for improving security culture maturity, we could be forgiven for not taking a step back and thinking about those individuals and organisations who are just starting their journey, or may not be aware there is a journey!
Being in the business of security culture means I’m regularly assessing just where our clients are on their security culture journey. Regardless of industry sector, size or turnover, Australian companies are at various stages of maturity. Some are just starting to sow the seeds and get management buy-in, some have internal support but need a ‘kickstarter’ to help them plan and implement activities, and others have more mature programs that they want to continually improve. Rarely is it a question of budget or resources; rather, barriers such as lack of management support, time constraints or ‘where do I start?’ are the common themes.
The purpose of this article is to help provide some tips for our peers who need a helping hand. You know security culture is important, but you might be having some difficulty obtaining the necessary support to move forward. So, without further ado, here are some prime pointers for helping you get the show on the road.