One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 409082 |
| Date de publication | 2017-09-13 20:07:44 (vue: 2017-09-13 20:07:44) |
| Titre | NBlog September 13 - surveying the corporate security culture |
| Texte |  Inspired perhaps by yesterday's blog about the Security Culture Framework, today we have been busy on a security culture survey, metrics being the first stage of the SCF. We've designed a disarmingly straightforward single-sided form posing just a few simple but carefully-crafted questions around the corporate security culture. Despite its apparent simplicity, the survey form is quite complex with several distinct but related purposes or objectives:Although the form is being prepared as an MS Word document with the intention of being self-completed on paper by respondents (primarily general staff), the form could just as easily be used for an online survey on the corporate intranet, a survey app, or a facilitated survey (like shoppers being stopped in the shopping mall by friendly people with clipboards ... and free product samples to give away).The survey form is of course part of our security awareness product, linking-in with and supporting the other awareness content in October's module on 'security culture', and more broadly with the ongoing awareness program. The style and format of the form should be instantly familiar to anyone who has seen our awareness materials. A short introduction on the form succinctly explains what 'security culture' means and why it is of concern and value to the organization, hence why the survey is being carried out. I'm intrigued by the idea of positioning the entire organization as a 'safe pair of hands' that protects and looks after information: a reasonable objective given the effort involved in influencing the corporate security culture. Even the survey form is intended to raise awareness, in this case making the subtle point that management cares enough about the topic to survey workers' security-related perceptions and behaviors including their attitudes towards management. Conducting the survey naturally implies that management will consider and act appropriately on the results. We take that implied obligation seriously, and will have more to say about it in the module's train-the-trainer guide. The survey is more than just a paper exercise or an awareness item: respondents will have perfectly reasonable expectations merely as a result of participating.The survey questions themselves are designed to gather measurable responses i.e. data on a few key criteria or aspects of 'security culture'. We have more work to do on the questions, and even when we're done we hope our customers will adapt them to suit their specific needs (e.g. |
| Envoyé | Oui |
| Condensat | a at conducting despite even for the today we 101 101: the about act action adapt addressed after again all anonymity answer anyone app apparent appear approach appropriately are area around aspect aspects attitudes attractive award awareness away bad because been behaviors including their attitudes being beneath blog broadly bronze business busy but can carefully cares carried case clipboards comment complete completed complex compliance concern concerns concerted consider construct content context corporate could course crafted criteria culture customers data day deliberately deserve designed develop direct disarmingly distinct document does done draw: dynamic each easily easy effort either elaborate elevator email employees encourage enough entire even excellent exercise expand expectations explain explains exploring express extremely face faceted facilitated familiar feasible feat feel first form format forms framework free friendly from further gained gather general generated getting give given gold guide hands hardest has have hence hope hopefully horse how idea ideal illustrate illustrating implied implies included inducement influence influencing information information: infosec insightful inspired instantly intended intention interactive interest intranet intrigued introduction investment involved issue issues item: its just key known less level like linking little looks lot made maintain make making mall management materials may mean meaningful means measurable measuring mention mentioned mentioning menu merely metric metrics might module module: more mouth multi naturally nblog need needs not noticebored numeric objective objectives:although obligation october offered offering often once ongoing online open opinions opportunity organization other out page pair paper part participating particular particularly parties: people pep perceptions perfectly perhaps perspectives piece pieces pitch pithiest pithy plus point populations pose posing positioning possibility possible potential powerful prepare prepared previously primarily prize product program protects provided purpose purposes questions quick quite quotations quotes raise read really reasonable reasons related relation reports respondents responses result results reverse rewards routinely safe samples say scf security seen self separate september seriously several sheet shoppers shopping short shortest should show sided silver simple simplicity single social some sort spaces specific staff stage starters statistically stopped straightforward style subscribers subtle succinctly sufficient suggestion suggests suit supporting surprising survey surveying take tease terms than that them themselves there things thinking third though time topic towards train trainer used valid value very views want web well what when who whole why wide will word work workers worth would yesterday yet |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.