The 7 Dimensions of Security Culture

Issue link: https://insights.oneneck.com/i/1476862

Positive norms that support organizational security are internalized when employees' values and behaviors are aligned with those expected. Behaviors that are supportive of organizational security need to be identified, taught and reinforced. (See Behaviors.)

When correct and expected behaviors are accepted as normal, adherence to these norms can be encouraged through the following mechanisms:

- Internal communication channels should be open and accessible to address any uncertainty and share best practices. Sharing lessons learnt, celebrating achievements, exemplifying correct behaviors, and acknowledging concerns are all proven mechanisms. (See Attitudes.)
- Expectations can be set through information security policies and role responsibilities. When desired actions are clearly communicated and accepted by the group, they help consolidate policies into normatively acceptable behavior. (See Responsibilities.)
- Design campaigns that advertise the information security related social norms. Encourage employees to share their stories using blogs, newsletters, e-mails, etc., so that others become aware of the consequences of non-compliance and see others rewarded for adherence to norms. (See Communication.)

In addition, the role of organizational punishment can be considered as a form of social control. When used as a legitimate deterrent, punishment facilitates distinction between desirable and undesirable acts and helps to establish group norms by identifying acceptable and unacceptable behaviors [87].

Tips for positively influencing norms
