Every organisation has its own culture and subcultures, so when it comes to addressing the poor security habits of your organisation, the key is to understand and manage the different ways your staff work.
That’s something that our July author of the month, Kai Roer, has been helping managers do with the aid of his Security Culture Framework.
This framework – which he outlines in Build a Security Culture – gives organisations a clear path with checkpoints and actions that ensure that your efforts are moving in the right direction.
Who is Kai Roer?
Kai Roer is a management and security consultant and trainer with experience from more than 30 countries.
He’s a guest lecturer at several universities, and the founder of The Roer Group, a European management consulting group focusing on security culture.
Build a Security Culture is Roer’s first book with IT Governance Publishing; his work has also been featured online, and he is the host of the monthly podcast and vlog Security Culture TV.
Receive 15% off Build a Security Culture throughout July by ordering from the IT Governance Publishing website and entering the voucher code Roer15.
Build a Security Culture
As the threat of data breaches has soared in recent years, an effective security culture has gone from a luxury to a necessity.
The way your organisation treats passwords is part of security culture. How your employees detect and act upon a stranger in the building is part of security culture. How you define policies, implement them and train employees in security behaviour all impact your security culture.
According to a 2020 Forrester report, 94% of security leaders worldwide rate security culture as important to their organization.
However, it’s one thing to say that and another thing to build and maintain a security culture.
In Build a Security Culture, Kai Roer presents his Security Culture Framework, addressing the human and cultural factors in organisational security.
Using everyday examples and analogies, the book reveals social and cultural triggers that drive human behaviour and provides tips on how to manage these threats.
Although you might think the bulk of this involves training your staff on managing information security threats adequately, there is a lot more to it than this.
Build a Security Culture is available in physical, eBook, ePub and Kindle formats. Find out which format is right for you with our handy guide.
Roer is currently managing KnowBe4 Research, a global research centre that looks into cyber security awareness, behaviour and culture.
He said: “Our researchers are using huge amounts of data to improve how our industry is dealing with the human factors of security. This work is very rewarding because of the large impact we have.”