Perry Carpenter - The Security Culture Playbook

1 Cover

2 Title Page The Security Culture Playbook Perry Carpenter Kai Roer

3 Introduction What Lies Ahead? Reader Support for This Book

4 Part I: Foundation Chapter 1: You Are Here Why All the Buzz? What Is Security Culture, Anyway? Takeaways Chapter 2: Up-leveling the Conversation: Security Culture Is a Board-level Concern A View from the Top The Implication Getting It Right Takeaways Chapter 3: The Foundations of Transformation The Core Thesis Program Focus Extending the Discussion You Are Always Either Building Strength or Allowing Atrophy Takeaways

5 Part II: Exploration Chapter 4: Just What Is Security Culture, Anyway? Lessons from Safety Culture A Jumble of Terms Security Culture in the Modern Day Takeaways Chapter 5: Critical Concepts from the Social Sciences What's the Real Goal—Awareness, Behavior, or Culture? Coming to Terms with Our Irrational Nature We Are Lazy Why Don't We Just Give Up? Security Culture—A Part of Organizational Culture Takeaways Chapter 6: The Components of Security Culture A Problem of Definition Defining Security Culture The Seven Dimensions of Security Culture The Security Culture Survey Example Findings from Measuring the Seven Dimensions Last Thought Takeaways Note Chapter 7: Interviews with Organizational Culture Experts and Academics John R. Childress, PYXIS Culture Technologies Limited Professor John McAlaney, Bournemouth University, UK Dejun “Tony” Kong, PhD, Muma College of Business, University of South Florida Michael Leckie, Silverback Partners, LLC

6 Part III: Transformation Chapter 8: Introducing the Security Culture Framework The Power of Three Benefits of Using the Security Culture Framework Takeaways Chapter 9: The Secrets to Measuring Security Culture Connecting Awareness, Behavior, and Culture How Can You Measure the Unseen? Using Existing Data The Right Way to Use Data Methods of Measuring Culture A/B Testing Multiple Metrics, Single Score Trends A Note Regarding Completion Rates Takeaways Chapter 10: How to Influence Culture Resistance to Change Be Proactive Using the Seven Dimensions to Influence Your Security Culture How Do You Know Which Dimension to Target? Takeaways Notes Chapter 11: Culture Sticking Points Does Culture Change Have to Be Difficult? Using Norms Is a Double-Edged Sword Failing to Plan Is Planning to Fail If You Try to Work Against Human Nature, You Will Fail Not Seeing the Culture You Are Embedded In Takeaways Chapter 12: Planning and Maturing Your Program Taking Stock of What We've Covered View Your Culture Through Your Employees' Eyes Culture Carriers Building and Modeling Maturity A Seat at the Table Takeaways Chapter 13: Quick Tips for Gaining and Maintaining Support You Are a Guide Sell by Using Stories Lead with Empathy, Know Your Audience Set Expectations Takeaways Chapter 14: Interviews with Security Culture Thought Leaders Alexandra Panaretos, Ernst & Young Dr. Jessica Barker, Cygenta Kathryn Djebbar, Jaguar Land Rover Lauren Zink, Boeing Mark Majewski, Rock Central Mo Amin, moamin.com Chapter 15: Parting Thoughts Engage the Community Be a Lifelong Learner Be a Realistic Optimist Conclusion

7 Bibliography

8 Index

9 Copyright

10 Dedication

11 About the Authors

12 Acknowledgments

13 End User License Agreement

1 Chapter 12Table 12.1 Example Culture Maturity Indicators (CMIs) across various catego...

1 Chapter 1 Figure 1.1 Organizations globally have invested massively on cybersecurity, ... Figure 1.2 Hacking the human yields the highest ROI for attackers.

2 Chapter 2 Figure 2.1 Cybersecurity spending has effectively ignored the main cause of ...

3 Chapter 3 Figure 3.1 Your program's focus will either produce limited benefit or be tr... Figure 3.2 Example visualization of a standard/generic maturity model Figure 3.3 Another common maturity model visualization Figure 3.4 The Security Culture Maturity Model

4 Chapter 6Figure 6.1 Visualizing the seven dimensions of security cultureFigure 6.2 Use of shadow IT across regionsFigure 6.3 Employees struggle to properly classify information.

5 Chapter 8Figure 8.1 The Security Culture Framework at a glanceFigure 8.2 Step 1: MeasureFigure 8.3 Step 2: InvolveFigure 8.4 Step 3: Engage

6 Chapter 9Figure 9.1 An example graph depicting trends for awareness, behavior, and cu...

7 Chapter 10Figure 10.1 Knowledge and attitudes each can influence behavior. But attitud...Figure 10.2 Three truths about human nature.

8 Chapter 12Figure 12.1 The Security Culture Maturity Model (SCMM)Figure 12.2 KnowBe4's immense dataset provides unique value to inform our mo...Figure 12.3 Example data overlay with the SCMMFigure 12.4 Example of the SCMM showing maturity across organizational score...Figure 12.5 Example of the SCMM showing multiple CMIs of a single organizati...

9 Chapter 13Figure 13.1 Example brainstorming worksheet for gaining supportFigure 13.2 Example brainstorming worksheet for gaining support (continued)...

1 Cover Page

2 Title Page The Security Culture Playbook Perry Carpenter Kai Roer

3 Copyright

4 Dedication

5 About the Authors

6 Acknowledgments

7 Introduction

8 Table of Contents

9 Begin Reading

10 Bibliography

11 Index

12 WILEY END USER LICENSE AGREEMENT

1 i

2 ii

3 iii

4 iv

5 v

6 xxv

7 xxvi

8 xxvii

9 xxviii

10 xxix

11 xxx

12 1

13 3

14 4

15 5

16 6

17 7

18 8

19 9

20 10

21 11

22 12

23 13

24 14

25 15

26 16

27 17

28 18

29 19

30 20

31 21

32 22

33 23

34 24

35 25

36 27

37 28

38 29

39 30

40 31

41 32

42 33

43 34

44 35

45 36

46 37

47 38

48 39

49 41

50 42

51 43

52 44

53 45

54 46

55 47

56 48

57 49

58 50

59 51

60 53

61 54

62 55

63 56

64 57

65 58

66 59

67 60

68 61

69 62

70 63

71 64

72 65

73 66

74 67

75 68

76 69

77 70

78 71

79 72

80 73

81 74

82 75

83 77

84 78

85 79

86 80

87 81

88 82

89 83

90 84

91 85

92 86

93 87

94 88

95 89

96 90

97 91

98 92

99 93

100 94

101 95

102 96

103 97

104 98

105 99

106 100

107 101

108 102

109 103

110 104

111 105

112 106

113 107

114 108

115 109

116 110

117 111

118 112

119 113

120 114

121 115

122 116

123 117

124 118

125 119

126 120

127 121

128 122

129 123

130 124

131 125

132 126

133 127

134 128

135 129

136 130

137 131

138 132

139 133

140 134

141 135

142 136

143 137

144 138

145 139

146 140

147 141

148 142

149 143

150 144

151 145

152 146

153 147

154 149

155 150

156 151

157 152

158 153

159 154

160 155

161 156

162 157

163 158

164 159

165 160

166 161

167 162

168 163

169 164

170 165

171 166

172 167

173 168

174 169

175 170

176 171

177 172

178 173

179 174

180 175

181 177

182 178

183 179