Cybersecurity Committee: Creating Cyber Security Leadership and Culture

March 18, 2021

For a more visual presentation, download the Cybersecurity Committee's Step Three Part One infographic here. Otherwise, read the blog below!

Building a Top-Down Culture (CAMS at MIT,
  • Executive Support, Participation and Knowledge
    • Support from Senior Leadership is the crucial first step to the success in building a Cyber Security Culture in your organization. Participation and knowledge are what sustains it.
  • Clear Communication Plan
    • Communication can make or break the plan. Provide good communication early and often to keep your employees informed and engaged. Share successes.
  • Awareness Education/Training
    • Remember, your employees are not Cyber Security Experts. They are good at doing the things that make your organization run. Invest in good tools to education them and make it fun.
  • User Friendly Process/Tools
    • Ease of use goes a long way in adoption of the Cyber Security Culture. If it's difficult and time consuming, employees are likely to go around it.
  • Celebrate the Wins and Don't Promote Shame
    • Remember you are starting from zero. When something good happens, celebrate it. When a mistake is made, learn from it.
  • Performance Evaluation
    • Evaluation starts at the top. Participation and awareness are needed at every level of the organization. Be honest about how your organization is performing.
  • Culture Transformation
    • The goal is to sustain transformation. This isn't a project; it is a culture shift.
Demonstrate How Roles are Dispersed in Different Size Organizations (Matrix of Roles and Organization Size) 
  • Small - All roles under one/two employees
  • Medium - Roles fall under 2-4 employees
  • Large - Rolls are typically separated out to departments for each area
  • Executive Sponsor
  • Communications
  • Policy Maker
  • Procedure Writer
  • Implementation
  • Monitoring/Maintaining
Example from CIS Controls 7.1 of a similar depiction

To learn more from the PSA Cybersecurity Committee, visit!