Competence Is A Vital Part Of Building Security Culture

By   ISBuzz Team
Writer , Information Security Buzz | Apr 28, 2014 01:34 am PST

From all of the security controls an organization could deploy, which one do you feel adds the most actual value for day-to-day information security and why?

In my opinion, there is but one control that is key to all the others: Competence. Competence comes in a number of ways, including:

– Awareness (ability to recognize a situation, and act on it)

– Skills (ability to do a task correctly)

– Motivation (ability to do the right call of action, even if there are easier ones available)

This is obviously not a complete list!

From a security perspective, competence is the control that enables the organization to recognize threats early, to act on an incident in a constructive and loss-reducing way, and a key to have your employees accept and follow the policies you implement.

Competence is a vital part of building security culture. Building and maintaining security culture should focus on building competence, and then use policies and technology to make it easy for the employees to do the right thing. After all, if I do not know what response you expect me to take during an incident, how can I do the right thing?

If you are uncertain of how to build security culture, you can always partake in our discussion at the Security Culture Framework community: It is even free.

Kai Roer | The Roer Group | Senior Partner | @kairoer

To find out more about our panel members visit the biographies page.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x