Issue link: https://insights.oneneck.com/i/1476862
7 The 7 dimensions of security culture What is security culture? Security culture depicts the human-related security elements in organizational settings, and is defined by the Security Culture Framework as "the ideas, customs, and social behavior of a particular people or society [i.e. employees in an organization] that allow them to be free from danger or threats" 7 . This definition is useful in order for practitioners to understand the wider concept of security culture. However, when we want to measure a phenomenon, a more detailed definition is often required. In this document we describe the 7 dimensions that CLTRe and our research partners have identified as the core elements that need to be measured in order to describe security culture accurately. In order to be able to improve a security culture (e.g. to make it stronger or more positive), we need to know what we mean by the concept of security culture, i.e. what human or organizational aspects are we referring to. Only then will we know what makes a security culture strong or positive in the first place. Once it is defined, we can measure it. Using the results, we discover what mechanisms can be used to influence security culture, and the extent of their impact. The following text elaborates on our model for measuring and managing security culture. This model is comprised of seven dimensions and includes human-aspects of security that existing models often omit, such as organization communication processes, social roles and a more comprehensive understanding of norms, attitudes and cognitive processes. Much care has been taken to explain what each of the dimensions are, where they come from, why they matter, and how they fit into the overall model for measuring security culture. The ideas, customs and social behavior of a particular people or society that allow them to be free from danger or threats. -- The Security Culture Framework