5 signs your security culture is toxic (and 5 ways to fix it)
If a company’s culture is the heart and soul of an organization, then its security culture is its omnipresent guardian.
More than just policies and procedures put in place, a company’s security culture is that “social” operating system that influences and guides employees to integrate security awareness and behaviors into their daily lives. When the security culture starts to break down, whether inside the security team itself or between the security team and the rest of the organization, it can lead to a toxic environment of lax cyber practices, cynicism and finger-pointing.
Industry leaders offer five tell-tale signs that your security culture is toxic, and how to get the security culture you want.
5 signs of a toxic security culture
They’re playing the blame game
When a significant incident happens, the focus in a toxic environment immediately goes to who’s to blame, says Rob Clyde, ISACA board director and past chair who has been involved with ISACA’s annual Cybersecurity Culture Report, due out this fall. The organization looks for a scapegoat – someone to fire. “Look at the average tenure of the leadership. If it’s less than three years, that’s a likely warning sign,” he says...
They’re playing the blame game
When a significant incident happens, the focus in a toxic environment immediately goes to who’s to blame, says Rob Clyde, ISACA board director and past chair who has been involved with ISACA’s annual Cybersecurity Culture Report, due out this fall. The organization looks for a scapegoat – someone to fire. “Look at the average tenure of the leadership. If it’s less than three years, that’s a likely warning sign,” he says...
No comments:
Post a Comment