This talk will address the effect of security culture on behavioral outcomes such as security awareness and behavior. To test the effect a measurement instrument was developed and empirically tested through a large empirical study including employees from 84 organizations. Implications for managers responsible for strategies to improve employees’ security behaviors will be discussed.
Now you’re thinking “Bubble? You what…”
Let me explain. My experience is that a lot of the time we security types - yes, you and me - don’t actually know what the rest of the departments within the business actually do on a day-to-day basis. We know they exist and what their purpose is but we don’t appreciate their pain points. We’ve all heard, way too many times, the quotation from Sun Tzu’s “The Art of War”: “If you know the enemy and know yourself you need not fear the results of a hundred battles.”
I would argue that a lot of us don’t know our own organisation as well as we should, let alone the enemy.
If we consider a typical enterprise organisation it will have departments such as HR, legal, sales, PR, marketing, accounts, IT and many others. These all have their own objectives, their own stresses and strains and targets to meet – essentially they are in their own little bubble trying to do the best they can with what they have and more often than not information security is the last thing on their minds - So if we are all in our own little bubbles, how can information security departments be effective for their businesses?
In this talk I’ll look at how you can step out of your bubble and help build more effective and positive relationships within your organisation.