📕 Node [[people centric security transforming your enterprise security culture]]
↳ 📓 Resource @bbchase/people centric security transforming your enterprise security culture
- Author:: [[Lance Hayden]]
- Full Title:: People-Centric Security: Transforming Your Enterprise Security Culture
- Category:: [[articles]]
- URL:: https://learning.oreilly.com/library/view/people-centric-security-transforming/9780071846790/
-
-
culture eats strategy for breakfast.
-
when compliance replaces security as the goal, cultural transformation backfires
-
People-centric security implies that without people there is no security, nor any need for it.
-
if you want to really change how security works, you have to change the culture operating beneath it.
-
“We don’t want to just change the mechanics,” they explained, “or to switch out one set of controls or one best practices framework for another. We want to change what security means to the company, and we want to change it for every single person who works here regardless of rank or role.”
-
ISO 27001
-
Technology hackers don’t let others tell them what the system can or cannot do, but instead figure it out for themselves by exploring the system. If you want to hack culture, you have to learn how the culture really works, not just what everyone thinks or expects of it.
-
Security is a people challenge, a social and organizational challenge. It’s a cultural challenge.
-
Security is not a technology challenge
-
people, process, and technology