Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

The Corporate Culture Perspective

By Pamela Fredericks
September 1, 2007
One could say that organizations are becoming more “cultured” in the ways of good security practices, and are developing a broader perspective, said Pamela Fredericks.


Organizations are in the midst of a cultural evolution, one that is making information security and privacy protection part of expected corporate behaviors. For employees, data breaches and the reality of identity theft have driven home the importance of privacy and protection for personal data on the job – the data in the corporation might well be your own.

For IT, security no longer occupies the “nice to have” category at the bottom of the IT agenda, but has gone straight to the top of the list. If there is no security budget, something must be wrong. The overall result is a corporate shift in attitude, a new mindset where security and privacy controls are increasingly internalized and are slowly becoming standard business practices. At least four elements have contributed to this cultural change.

OPERATIONAL RISK

Security has become part of operational risk. First, information security practices are becoming part of the corporate culture because the majority of organizations now have in place at least some formalized security controls. Whether motivated by regulatory and audit requirements or by partner and customer demands, companies have realized that security controls and attention to privacy are simply good for business. Best practices, laws and standards have routinely cited the importance of a security program that is continuous and ongoing.

Still, until the last several years, security in many companies was often viewed as an obligation rather than a willingly provided service. By now, however, justification and ROI for information protection measures are often no longer required – simply say the words “security controls required to manage corporate risk” and a business case can often be made for new technology, headcount or processes to support security.

PRIVACY IS PERSONAL

Second, the information a company maintains has become broader and increasingly personally identifiable. This hits home with employees and others who use corporate computer systems. Personal information can be tracked through the sales department, human resources, accounting, IT, via Web sites and even through outside service providers. Social Security numbers, credit card or financial information, and other personal data can potentially be stolen at any entry or storage point.

To employees, the need for strong passwords and other measures to control access no longer seems like an annoyance, but an expectation. Now when the security team explains to employees why it’s against company policy to share passwords or post them near workstations, they listen and might even ask where the protections are if they are absent.

BREACH NOTIFICATION

According to the Privacy Rights Clearing-house, there have been over 500 security breaches since 2005, many involving the most respected organizations in the United States. California’s landmark SB-1386 laid the groundwork for more than 35 other states to enact similar breach notification laws.

Specifics vary from state to state, but each law defines what constitutes personal information; who must be notified and when; and any exceptions such as encryption or a “harm threshold.” A harm threshold is a notification that must be made only if there is a reasonable possibility of identity theft. Breach prevention now also requires that information be readily identified as triggering one of the laws.

Equally important, an incident response plan must be created to fulfill the legal requirement and handle consumer inquiries and remediation. All of this has led companies to seriously take stock of personal information in their systems, scale back on what is kept and tightly secure what is retained.

Retention is also a key point for “e-discovery” since a change to the Federal Rules of Civil Procedure late last year made all electronic information discoverable – a topic with many new implications for organizations and how they classify and store data.

PRIVACY AS A PROFESSION

Nearly every Fortune 100 Company now has a chief privacy officer; there is also an expanding base of credentialed individuals who hold the Certified Information Privacy Professional (CIPP) certification from the International Association of Privacy Professionals.

cul·tured adj. having refined taste and manners and a good education.

One could say that organizations are becoming more “cultured” in the ways of good security practices, and are developing a broader perspective toward the topic than previously held.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Pamela Fredericks director of security advisory services for Forsythe Solutions Group.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • The Corporate Culture Perspective

    See More
  • education and training feat

    How the Fear of Terrorism Drives Corporate and National Culture

    See More
  • Team meeting in office

    The evolution of the corporate security mission

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Whitepaper-Social-Media-3.gif

    Optimizing Social Media from a B2B Perspective

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing