11
The 7 dimensions of security culture
Cognition
The employees' understanding,
knowledge and awareness of
security issues and activities.
Behaviors
The actions and activities of
employees that have direct or
indirect impact on the security of the
organization.
Communication
The quality of communication
channels to discuss security-related
events, promote sense of belonging,
and provide support for security
issues and incident reporting.
Compliance
The knowledge of written security
policies and the extent that
employees follow them.
Norms
The knowledge of and adherence to
unwritten rules of conduct in the
organization, i.e. how security-
related behaviors are perceived by
employees as normal and accepted
or unusual and unaccepted.
Responsibilities
How employees perceive their role
as a critical factor in sustaining or
endangering the security of the
organization.
