I'm trying to build a more security-aware culture.  Has anyone successfully embedded security responsibilities in other teams across the business?


Pink USB Stick
Health Care and Social Assistance
Security cultures will vary and often are unique to a business culture. Most security programs are deliberate with a set of actions to promote awareness and there are some significant features of successful security cultures.

· Security awareness extends past IT and begins at the top. Senior leaders set the tone and drive cultural change. Making executives aware of the risk to the organization posed by a lack of security awareness is key - Loss of revenue; Reputation damage; Operational disruptions; Intellectual property (IP) theft; and Theft of personally identifiable information (PII).
· Establish a continuous security training program for all staff. Training staff about safe online computing, strong passwords, and social engineering, will help mold the organization into the first line of cyber defense and ensure the confidentiality of sensitive business data.
· Keep the security program aligned with business objectives. Focus on specific incremental goals rather than trying to achieve too much too fast. Identify the security behaviors that need to be promoted and align those behaviors to business results so that employees can understand the value security has in protecting the overall organization.

Most importantly, successful security programs AVOID a culture of blame and fear when it comes to security. Security leaders should empower users with a culture of personal responsibility so staff treat data security in the same way they treat other company policies like health and safety.
2 upvotes