dido:public:ra:xapend:xapend.a_glossary:c:securityculture
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
dido:public:ra:xapend:xapend.a_glossary:c:securityculture [2020/11/15 17:53] nick created |
dido:public:ra:xapend:xapend.a_glossary:c:securityculture [2022/01/19 11:24] (current) nick |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== CyberSecurity Culture (CSC) ===== | ===== CyberSecurity Culture (CSC) ===== | ||
| - | [[ddsf:private:cookbook:06_append:glossary| Return to Glossary ]] | + | [[dido:public:ra:xapend:xapend.a_glossary:start| Return to Glossary ]] |
| - | ** CyberSecurity Culture (CSC)** of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding CyberSecurity and how they manifest in people’s behaviour with information technologies. CSC is about making information security considerations an integral part of an employee’s job, habits and conduct,embedding them in their day-to-day actions.Adopting the right approach to information security enables a resilient CSC to develop naturally from the behaviours and attitudes of employees towards information assets at work,1and as part of a company’s wider organisational culture, its CSC can be shaped, directed and transformed.2However, business environments constantly change, hence organisations must actively maintain and adapt their CSC in response to new technologies and threats, as well as their changing goals, processes and structures. A successful CSC shapes the security thinking of all staff (including the security team), improving resilience against all cyber threats, especially when initiated through social engineering,3while avoiding imposing burdensome security steps that prevent staff from effectively performing their key business functions. | + | **CyberSecurity Culture (CSC)** of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding [[dido:public:ra:xapend:xapend.a_glossary:c:cyber_security]] and how these manifest in people’s behavior with information technologies. **CyberSecurity Culture (CSC)** is about making [[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]] considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions. Adopting the right approach to information security enables a resilient **CyberSecurity Culture (CSC)** to develop naturally from the behaviors and attitudes of employees towards information assets at work, and as part of a company’s wider organizational culture, its **CyberSecurity Culture (CSC)** can be shaped, directed and transformed. However, business environments constantly change, hence organizations must actively maintain and adapt their **CyberSecurity Culture (CSC)** in response to new technologies and threats, as well as their changing goals, processes and structures. A successful **CyberSecurity Culture (CSC)** shapes the security thinking of all staff (including the security team), improving resilience against all cyber threats, especially when initiated through social engineering, while avoiding imposing burdensome security steps preventinng staff from effectively performing their key business functions. |
| Source: [[https://www.enisa.europa.eu/publications/cyber-security-culture-in-organisations]] | Source: [[https://www.enisa.europa.eu/publications/cyber-security-culture-in-organisations]] | ||
dido/public/ra/xapend/xapend.a_glossary/c/securityculture.1605480794.txt.gz · Last modified: 2020/11/15 17:53 by nick
