===== CyberSecurity Culture (CSC) =====
[[dido:public:ra:xapend:xapend.a_glossary:start| Return to Glossary ]]

**CyberSecurity Culture (CSC)** of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding  [[dido:public:ra:xapend:xapend.a_glossary:c:cyber_security]] and how these manifest in people’s behavior with information technologies. **CyberSecurity Culture (CSC)** is about making [[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]] considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions. Adopting the right approach to information security enables a resilient **CyberSecurity Culture (CSC)** to develop naturally from the behaviors and attitudes of employees towards information assets at work, and as part of a company’s wider organizational culture, its **CyberSecurity Culture (CSC)** can be shaped, directed and transformed. However, business environments constantly change, hence organizations must actively maintain and adapt their **CyberSecurity Culture (CSC)** in response to new technologies and threats, as well as their changing goals, processes and structures. A successful **CyberSecurity Culture (CSC)** shapes the security thinking of all staff (including the security team), improving resilience against all cyber threats, especially when initiated through social engineering, while avoiding imposing burdensome security steps preventinng staff from effectively performing their key business functions.


Source: [[https://www.enisa.europa.eu/publications/cyber-security-culture-in-organisations]]