According to Lance Hayden, Managing Director of Berkeley Research Group, harnessing the power of people and culture is the next great frontier for information security. Security culture reflects the beliefs and values of the people that make up your organization. They are intangible and embedded in thoughts and minds. An organization can’t directly observe them, so the questions remains: how does one best measure organizational security culture? How long, metaphorically, is our piece of cultural string?
Why is it important to know about an organization’s security culture?