Weak information security culture has led to unwanted exposures of personal sensitive information of billions of individuals worldwide, and information security attacks are a major concern.
In KnowBe4's research, they have developed and investigated seven key dimensions of security culture; employee attitudes to security and policies, behaviors, cognitive processes surrounding security, quality of communication, compliance to security policies, organizational unwritten rules or norms, and individual responsibilities.
Information about these dimensions is vital when it comes to improving security culture, and thus reducing risk in the organization. This text builds on CLTRe’s model for measuring security culture and provides a comprehensive resource for practitioners seeking a deeper understanding of the dimensions that comprise security culture. Knowing what these dimensions are, how they relate to security, and how they can be positively influenced, will provide practitioners with the tools and practical advice needed to start building and improving security culture in organizations.