https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21554#M1186 <P>One excerpt from it so true:</P><P>Organisations should strive for adherence (active participation) rather than compliance - rapidly emerging<BR />threats require employees who are engaged and willing to step up. Organisational leadership has a key<BR />role in developing effective and workable security - by helping security specialists to fit security into the<BR />business, breaking down silos and leveraging other organisational capabilities (safety, HR,<BR />communications) - but not least by setting the tone and leading by example. Measures to improve security<BR />behaviour should be an ongoing, iterative process - the human factor in cyber-security is never ‘solved’,<BR />and there is no simple ‘solution’, but human skills and knowledge, rather than vulnerabilities, can be made<BR />to work in favour of an organisation’s defensive cybersecurity.</P> Thu, 25 Apr 2019 08:27:54 GMT leroux 2019-04-25T08:27:54Z https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21514#M1185 <P>Probably one of the more relevant reports on how to avoid typical security programme pitfalls you'll read.</P><P>&nbsp;</P><P><A href="https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cybersecurity" target="_blank">https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cybersecurity</A></P> Tue, 23 Apr 2019 13:51:54 GMT https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21514#M1185 Steve-Wilme 2019-04-23T13:51:54Z https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21554#M1186 <P>One excerpt from it so true:</P><P>Organisations should strive for adherence (active participation) rather than compliance - rapidly emerging<BR />threats require employees who are engaged and willing to step up. Organisational leadership has a key<BR />role in developing effective and workable security - by helping security specialists to fit security into the<BR />business, breaking down silos and leveraging other organisational capabilities (safety, HR,<BR />communications) - but not least by setting the tone and leading by example. Measures to improve security<BR />behaviour should be an ongoing, iterative process - the human factor in cyber-security is never ‘solved’,<BR />and there is no simple ‘solution’, but human skills and knowledge, rather than vulnerabilities, can be made<BR />to work in favour of an organisation’s defensive cybersecurity.</P> Thu, 25 Apr 2019 08:27:54 GMT https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21554#M1186 leroux 2019-04-25T08:27:54Z https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21604#M1193 <P>&nbsp;</P><P>So very true. An organization won't be adequately secure unless it's culture is geared properly, for which senior management must support a strategy that aims to achieve this...</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 26 Apr 2019 10:14:43 GMT https://community.isc2.org/t5/Tech-Talk/ENISA-cybersecurity-culture/m-p/21604#M1193 Shannon 2019-04-26T10:14:43Z