5
The 7 dimensions of security culture
and minimize losses from information security attacks. However, it is important
that organizations understand that developing a strong security culture is an
important and effective strategy to improve risk management. Not a one-off
activity, security culture is an ongoing process that needs to be continuously
nurtured and incorporated into the wider organizational culture.
In our research, we have developed and investigated the following seven key
dimensions of security culture; employee attitudes to security and policies,
behaviors, cognitive processes surrounding security, quality of communication,
compliance to security policies, organizational unwritten rules or norms, and
individual responsibilities.
Information about these dimensions is vital when it comes to improving security
culture, and thus reducing risk in the organization. This text builds on CLTRe's
model for measuring security culture and provides a comprehensive resource for
practitioners seeking a deeper understanding of the dimensions that comprise
security culture. Knowing what these dimensions are, how they relate to security,
and how they can be positively influenced, will provide practitioners with the
tools and practical advice needed to start building and improving security culture
in organizations.
