Issue link: https://insights.oneneck.com/i/1476870
3 Introduction "Security Culture" is a hot topic. The phrase seems to be appearing with increasing frequency in online articles, security presentations, and vendor pitches. But there is a problem: the phrase is often used in ways that are absent of any real meaning. As a result, the phrase security culture is often thought of as the same thing as security awareness and training. Those who use the phrase often do so in ways that would insinuate that security culture is something as simple as the output of security awareness and training activities. But, while security awareness and training efforts do contribute to security culture, awareness and culture are not the same. Security culture is a much richer and more intricate topic. Security culture encompasses everything related to the ideas, customs, and social behaviors of an organization and how those factors influence the organization's security. Defining Security Culture Defining Security Culture One of the main reasons for all of the confusion around the phrase security culture is related to a very fundamental issue. People use the phrase without defining what it means. That leaves everything up to interpretation and assumption. As such, one goal of this body of work is to change that. Security Culture is defined as the ideas, customs, and social behaviors of a group that influence its security. Why is Security Culture So Important? Why is Security Culture So Important? If there is one good thing that comes from all the media reporting about cyberbreaches around the world, it is that virtually every organization now recognizes the need to shore up their cyber defenses. Organizations are extremely interested in ensuring their long-term resilience and sustainability. There are aspects of that story that are technology-centric, but there are also many, many aspects that are people-centric. When leaders hyper focus on the technology side of the story, they risk forgetting that technology is only part of the equation. And they risk forgetting that humans are at the center of everything.