Chapter 5: Achieving a Security Culture
Loading...
Authors
Da Veiga, Adele
Issue Date
2019-02
Type
Book chapter
Language
en
Keywords
Alternative Title
Book title: Cybersecurity Education for Awareness and Compliance
Cybersecurity Education for Awareness and Compliance Noted as an /GI Global Core Reference Title in Security & Forensics for 2019.
Cybersecurity Education for Awareness and Compliance Noted as an /GI Global Core Reference Title in Security & Forensics for 2019.
Abstract
A security culture can be a competitive advantage when employees uphold strong values for the protection
of information and exhibit behavior that is in compliance with policies, thereby introducing minimal
incidents and breaches. The security culture in an organization might, though, not be similar among
departments, job levels, or even generation groups. It can pose a risk when it is not conducive to the
protection of information and when security incidents and breaches occur due to employee error or
negligence. This chapter aims to give organizations an overview of the concept of security culture, the
factors that could influence it, an approach to assess the security culture, and to prioritize and tailor
interventions for high-risk areas. The outcome of the security culture assessment can be used as input
to define security awareness, training, and education programs aiding employees to exhibit behavior
that is in compliance with security policies.
Description
Citation
Publisher
IGI Global, Cybersecurity Education for Awareness and Compliance