The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer

Length: 256 pages
Edition: 1
Language: English
Publisher: Wiley
Publication Date: 2022-04-19
ISBN-10: 1119875234
ISBN-13: 9781119875239
Sales Rank: #719339 (See Top 100 Books)

Mitigate human risk and bake security into your organization’s culture from top to bottom with insights from leading experts in security awareness, behavior, and culture.

The topic of security culture is mysterious and confusing to most leaders. But it doesn’t have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists deliver experience-driven, actionable insights into how to transform your organization’s security culture and reduce human risk at every level. This book exposes the gaps between how organizations have traditionally approached human risk and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization.

The book offers:

An expose of what security culture really is and how it can be measured
A careful exploration of the 7 dimensions that comprise security culture
Practical tools for managing your security culture program, such as the Security Culture Framework and the Security Culture Maturity Model
Insights into building support within the executive team and Board of Directors for your culture management program

Also including several revealing interviews from security culture thought leaders in a variety of industries, The Security Culture Playbook is an essential resource for cybersecurity professionals, risk and compliance managers, executives, board members, and other business leaders seeking to proactively manage and reduce risk.

Cover
Table of Contents
Title Page
Introduction
    What Lies Ahead?
    Reader Support for This Book
Part I: Foundation
    Chapter 1: You Are Here
        Why All the Buzz?
        What Is Security Culture, Anyway?
        Takeaways
    Chapter 2: Up-leveling the Conversation: Security Culture Is a Board-level Concern
        A View from the Top
        The Implication
        Getting It Right
        Takeaways
    Chapter 3: The Foundations of Transformation
        The Core Thesis
        Program Focus
        Extending the Discussion
        You Are Always Either Building Strength or Allowing Atrophy
        Takeaways
Part II: Exploration
    Chapter 4: Just What Is Security Culture, Anyway?
        Lessons from Safety Culture
        A Jumble of Terms
        Security Culture in the Modern Day
        Takeaways
    Chapter 5: Critical Concepts from the Social Sciences
        What's the Real Goal—Awareness, Behavior, or Culture?
        Coming to Terms with Our Irrational Nature
        We Are Lazy
        Why Don't We Just Give Up?
        Security Culture—A Part of Organizational Culture
        Takeaways
    Chapter 6: The Components of Security Culture
        A Problem of Definition
        Defining Security Culture
        The Seven Dimensions of Security Culture
        The Security Culture Survey
        Example Findings from Measuring the Seven Dimensions
        Last Thought
        Takeaways
        Note
    Chapter 7: Interviews with Organizational Culture Experts and Academics
        John R. Childress, PYXIS Culture Technologies Limited
        Professor John McAlaney, Bournemouth University, UK
        Dejun “Tony” Kong, PhD, Muma College of Business, University of South Florida
        Michael Leckie, Silverback Partners, LLC
Part III: Transformation
    Chapter 8: Introducing the Security Culture Framework
        The Power of Three
        Benefits of Using the Security Culture Framework
        Takeaways
    Chapter 9: The Secrets to Measuring Security Culture
        Connecting Awareness, Behavior, and Culture
        How Can You Measure the Unseen?
        Using Existing Data
        The Right Way to Use Data
        Methods of Measuring Culture
        A/B Testing
        Multiple Metrics, Single Score
        Trends
        A Note Regarding Completion Rates
        Takeaways
    Chapter 10: How to Influence Culture
        Resistance to Change
        Be Proactive
        Using the Seven Dimensions to Influence Your Security Culture
        How Do You Know Which Dimension to Target?
        Takeaways
        Notes
    Chapter 11: Culture Sticking Points
        Does Culture Change Have to Be Difficult?
        Using Norms Is a Double-Edged Sword
        Failing to Plan Is Planning to Fail
        If You Try to Work Against Human Nature, You Will Fail
        Not Seeing the Culture You Are Embedded In
        Takeaways
    Chapter 12: Planning and Maturing Your Program
        Taking Stock of What We've Covered
        View Your Culture Through Your Employees' Eyes
        Culture Carriers
        Building and Modeling Maturity
        A Seat at the Table
        Takeaways
    Chapter 13: Quick Tips for Gaining and Maintaining Support
        You Are a Guide
        Sell by Using Stories
        Lead with Empathy, Know Your Audience
        Set Expectations
        Takeaways
    Chapter 14: Interviews with Security Culture Thought Leaders
        Alexandra Panaretos, Ernst & Young
        Dr. Jessica Barker, Cygenta
        Kathryn Djebbar, Jaguar Land Rover
        Lauren Zink, Boeing
        Mark Majewski, Rock Central
        Mo Amin, moamin.com
    Chapter 15: Parting Thoughts
        Engage the Community
        Be a Lifelong Learner
        Be a Realistic Optimist
        Conclusion
Bibliography
Index
Copyright
Dedication
About the Authors
Acknowledgments
End User License Agreement