Auditing cyber security culture
Technology alone cannot deliver information security. People are a big part of keeping information safe. And the way they behave is in large part determined by your organisation's culture
Our cultural evaluation looks at a number of different areas:.
- We look at the leadership of your organisation and the extent to which they promote cyber security, both in terms of the goals they set the organisation and in the way they behave.
- We look at how the information security team interacts with other managers in your organisation and the extent to which they are supported.
- And we look at the wider culture of the organisation. Are people aware of cyber security risks? Do they regard protecting information and other assets as important? And do they see it as part of their job?
A deep understanding of the way your organisation's culture affects information security is an essential starting point for the process of managing internal cyber risks.