Cybersecurity Committee: Creating Cyber Security Leadership and Culture
For a more visual presentation, download the Cybersecurity Committee’s Step Three Part One infographic here. Otherwise, read the blog below!
Building a Top-Down Culture (CAMS at MIT, Cira.ca)
- Executive Support, Participation and Knowledge
- Support from Senior Leadership is the crucial first step to the success in building a Cyber Security Culture in your organization. Participation and knowledge are what sustains it.
- Clear Communication Plan
- Communication can make or break the plan. Provide good communication early and often to keep your employees informed and engaged. Share successes.
- Awareness Education/Training
- Remember, your employees are not Cyber Security Experts. They are good at doing the things that make your organization run. Invest in good tools to education them and make it fun.
- User Friendly Process/Tools
- Ease of use goes a long way in adoption of the Cyber Security Culture. If it’s difficult and time consuming, employees are likely to go around it.
- Celebrate the Wins and Don’t Promote Shame
- Remember you are starting from zero. When something good happens, celebrate it. When a mistake is made, learn from it.
- Performance Evaluation
- Evaluation starts at the top. Participation and awareness are needed at every level of the organization. Be honest about how your organization is performing.
- Culture Transformation
- The goal is to sustain transformation. This isn’t a project; it is a culture shift.
Demonstrate How Roles are Dispersed in Different Size Organizations (Matrix of Roles and Organization Size)
- Small – All roles under one/two employees
- Medium – Roles fall under 2-4 employees
- Large – Rolls are typically separated out to departments for each area
- Executive Sponsor
- Policy Maker
- Procedure Writer
Example from CIS Controls 7.1 of a similar depiction
To learn more from the PSA Cybersecurity Committee, visit PSAEducation.com!