Here are some of the most common indicators of a strong security culture within an organisation:
- A shared belief that security is critical to the organisation’s success
- There are security champions within the organisation who actively lead the security culture. This includes the highest levels of the organisation.
- Security is included within all position descriptions
- People feel safe reporting incidents, even if they caused it
- Budget is allocated to training and testing activities. Training is scheduled and supported with staff being released to partake in training
- Employees professionally correct and help their co-workers to be more secure
- The security team are actively engaged by the whole of the organisation. People feel comfortable asking the security team questions and seeking advice and/or support for projects
- Frequent requests for trainings or briefings on security