Every organization that is concerned about protecting its information assets and systems—basically all organizations in today’s networked and digital society—has an information security culture.
Most organizations, in fact, have multiple information security cultures, reflections of local values and priorities, and not everyone inside the organization is going to share the same beliefs and assumptions about how security should and does work. What the information security team values and thinks is most important for protecting the organization will probably be different, at least in degree, from what HR (or Internal Audit, or Facilities, etc.) values and thinks is most important. In benign cases, these culture characteristics coexist peacefully, never having cause to interview with one another. But more often, they eventually compete. That competition may occur over resources, over money, or over simple political infighting. But the security culture that dominates, including the values and priorities that drive decisions and spending, will have profound implications for the organization’s performance in regard to information security.
BRG Security Culture services are designed to advise clients throughout the cultural improvement lifecycle. BRG experts provide education and guidance at all organizational levels, including board-level communications about general cybersecurity and security culture. Our professionals can advise on identifying cultural risks, measuring security culture types and attributes, and assessing the reliability of enterprise security behaviors.
For more information on these services and on creating or improving your organization’s cultural firewall, contact or David Phillips.
Berkeley Research Group (BRG) is a different kind of consulting firm: one that makes intelligence work by combining data analysis with extensive sector experience, creative perspectives with deep business acumen, and big-picture thinking with executable direction to help you stay ahead of what’s next.