Bookmark and Share

Company Security Culture

How can you bring security issues to senior management and be effective? This was the first question Listyanna Dowell and her participants tackled during their roundtable. Their solution was a simple but poignant one: lead by education. Security executives have a responsibility to explain security issues in a clear way to upper management, who are the ones who will ultimately sign off on resolutions. They take some of the responsibility for these decisions, but so do security executives, so it’s up to the latter to perform their due diligence in locating, remediating, and reporting security issues. In dealing with individuals who are resistant to change, an effective way to convince them is to include it in their bonus, which would be affected based on good and bad security behaviors. To further raise awareness about security culture throughout your organization, security executives should strive to make security interesting. Do away with the boring newsletters that people just delete, and get creative with how you convey security-related information. One participant stated they created short, funny, sitcom-like skits to share with employees. This way the information has a longer-lasting impression.