Culture and securityGreatest Values

In today’s marketplace the most valuable aspect of an organization, and sometimes the only things of value, is the information created, stored, and used to serve their customers and to be able to maintain a competitive advantage over their competitors.  Many organizations have realized this and have allocated budget to systems to protect this data.  The challenge is this only addresses one-third of the picture.

 

When talking about data security it involves people, process, and technology.  An organization early on in a security life-cycle will address the technology aspect of the picture.  As an organization matures and evolves often times the process aspect is addressed next.  These two provide a good defense, but it still leaves one-third of the picture out of focus … the people.

 

Organizational Culture

Your organizational culture will define how strong the last component in your security posture truly is.  Culture creates behaviors and behaviors re-enforce culture.  How does your organizational culture address the value of the data you produce, store, or use?  Do the members of your organization understand their role in protecting your data? 

 

Education

Many organizations today do not have a security awareness program in place to ensure their organizational culture understand the importance of people in the information security design.  Security awareness training should start during the new employee on-boarding process and continue on at least a quarterly basis updating the members of your organization of new threats, trends, and their role in protecting your most valuable asset … information.

 

When the education is consistent and regular it will strengthen the message and the understanding within your organization to do their part in information security.

 

Photo Courtesy of Metasploit Framework