IT/IS security culture can be described as the way we do things around here. What contributes to a company's IT/IS culture?
Answer:
We are all human beings. We do the things we do, by and large, because it is the way that we have always done them. The same philosophy can be said of cultures in our society and even in the organizations for which we work. As a whole, culture is everything as it relates to information security.
In this modern day everyone knows how crucial security is and how it must be included in everything an organization does. You can hear about the data breach in an Information Security department that resulted in lost data. Security is widespread and mainstream. We need to focus on building good rules and behavior, and then on informing employees of them and enforcing them, so that a strong security culture can be built in IT/IS companies.
An organization's security culture requires care and great consideration. For this, one must invest in security culture. When a security culture is built, it transforms security from a one-time event into a lifecycle that generates security returns forever.
There are many things that contribute to a company's IT/IS culture:
1. Delivering the concept that security culture belongs to everyone:
Employees of the company have the opinion that the security department is responsible for security. A sustainable security culture requires a contribution from everyone in the organization. So we have to deliver the message that security belongs to everyone.
2. Focus on security awareness:
Security awareness can be a process of teaching your entire team the basic lessons of security. You will have to establish each person's ability to judge threats before asking them to understand the threats. The security awareness process must be easy to understand so that all employees of the organization can follow it.
3. Creating a secure development lifecycle:
A Secure Development Lifecycle is the root of a sustainable security culture. It is a process that your organization agrees to perform for each software or system release. It includes the specification of the system requirements, threat modelling and security testing activities.
4. Reward those people who contribute to security:
It ensures that every employee will contribute to building the security culture. It motivates employees to do the right thing for security.