The Security Culture Playbook. Perry Carpenter
on id="u0d263d16-a8b1-552d-90b0-7c42ab3dcefa">
Table of Contents
1 Cover
3 Introduction What Lies Ahead? Reader Support for This Book
4 Part I: Foundation Chapter 1: You Are Here Why All the Buzz? What Is Security Culture, Anyway? Takeaways Chapter 2: Up-leveling the Conversation: Security Culture Is a Board-level Concern A View from the Top The Implication Getting It Right Takeaways Chapter 3: The Foundations of Transformation The Core Thesis Program Focus Extending the Discussion You Are Always Either Building Strength or Allowing Atrophy Takeaways
5 Part II: Exploration Chapter 4: Just What Is Security Culture, Anyway? Lessons from Safety Culture A Jumble of Terms Security Culture in the Modern Day Takeaways Chapter 5: Critical Concepts from the Social Sciences What's the Real Goal—Awareness, Behavior, or Culture? Coming to Terms with Our Irrational Nature We Are Lazy Why Don't We Just Give Up? Security Culture—A Part of Organizational Culture Takeaways Chapter 6: The Components of Security Culture A Problem of Definition Defining Security Culture The Seven Dimensions of Security Culture The Security Culture Survey Example Findings from Measuring the Seven Dimensions Last Thought Takeaways Note Chapter 7: Interviews with Organizational Culture Experts and Academics John R. Childress, PYXIS Culture Technologies Limited Professor John McAlaney, Bournemouth University, UK Dejun “Tony” Kong, PhD, Muma College of Business, University of South Florida Michael Leckie, Silverback Partners, LLC
6
Part III: Transformation
Chapter 8: Introducing the Security Culture Framework
The Power of Three
Benefits of Using the Security Culture Framework
Takeaways
Chapter 9: The Secrets to Measuring Security Culture
Connecting Awareness, Behavior, and Culture
How Can You Measure the Unseen?
Using Existing Data
The Right Way to Use Data
Methods of Measuring Culture
A/B Testing
Multiple Metrics, Single Score
Trends
A Note Regarding Completion Rates
Takeaways
Chapter 10: How to Influence Culture
Resistance to Change
Be Proactive
Using the Seven Dimensions to Influence Your Security Culture
How Do You Know Which Dimension to Target?
Takeaways
Notes
Chapter 11: Culture Sticking Points
Does Culture Change Have to Be Difficult?
Using