1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: How long is a piece of string? The challenges and benefits of...

Discussion in 'CSO' started by RSS, Mar 30, 2016.

  1. RSS

    RSS New Member Member

    In the months since my book People-Centric Security was published, I've enjoyed a running conversation with Lance Spitzner of the SANS Securing the Human program. Lance S. (to clarify any "two Lance's" confusion) and I both believe strongly that harnessing the power of people and culture is the next great frontier for information security.

    The question we discuss is, how does one best measure organizational security culture? In my book I propose a broad measurement model that treats security culture holistically, as a sort of security "personality" within every organization. The results are intuitive, but the model requires a bit of specialized data collection to produce them.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page