The 7 Dimensions of Security Culture

Executive summary

Information security risks and threats, such as viruses, spyware, ransomware and phishing, are an increasingly significant issue. IBM reports that as many as one in four companies [1] are affected by cyber-crime. In nine out of ten incidents [2], the criminals get in using social engineering, often by using stolen credentials gained through phishing or by planting malware in email attachments. Weak information security culture has led to unwanted exposures of sensitive personal information of billions of individuals worldwide [3], and information security attacks are a major concern. In the US, a typical data breach now costs a company $7.91M [4]. Not surprising, then, that as many as 60 percent of hacked small and medium-sized businesses reportedly go out of business after six months [5].

As a result, we are seeing security culture rise as a recognized need in organizations. Driving this change in approach has been the acknowledgement within organizations that [6]:

a) Technical cyber security measures need to operate in harmony with other business processes.
b) Employees should not be put in a conflicting situation, where they are forced to choose between complying with security policies or doing their job.
c) Cyber threat awareness-raising campaigns are not, in themselves, affording sufficient protection against ever-evolving cyber-attacks.
d) How an organization behaves is dependent on the shared beliefs, values and actions of its employees towards information security.
e) Rather than view employees as the weakest link in cyber security chains, they should instead be viewed as an important line of defense (a human firewall) against cyber-attacks.

There have been considerable efforts from the information security industry and experts to make countermeasures and solutions available to detect, prevent,

