Source: National Cyber Security News
ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture.
Understanding the dynamics of cybersecurity culture
The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations.
This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of large European organisations. The report provides good practices, methodological tools and step-by-step guidance for those seeking to commence or enhance their organisation’s cybersecurity culture programme.
The idea behind the concept
Cybersecurity culture refers to the knowledge, beliefs, attitudes, norms and values of people regarding cybersecurity and how these manifest in interacting with information technologies. It reflects the understanding that the organisation’s actions are dependent on shared beliefs, values and actions of its employees, including their attitude towards cybersecurity.
While many organisations and employees are familiar with related concepts such as cybersecurity awareness and information security frameworks, cybersecurity culture covers a broader scope. The idea behind this concept is to make information security considerations an integral part of an employee’s daily life.