Information security strategy, not technology, determines the maturity of the information security culture and behaviour in an organisation.
Welcome to my blog. I have questions about the way we work and I put my thoughts here. I hope you have a nice stay!
Information security strategy, not technology, determines the maturity of the information security culture and behaviour in an organisation.
To effect a change in information security culture and behaviour we need to influence both what people think and what people do.
The language used to describe people as part of our information security systems is revealing. We talk about ‘patching the human’ and ‘building the human firewall’. We need to find our way to a more positive information security culture that places people at the centre of a system that is resilient, adaptive, and effective.