A good security culture in your organisation is an essential component of a robust protective security regime and helps to mitigate against insider threats and external people threats (such as hostile reconnaissance).
Security culture is the set of values, shared by everyone in an organisation, which determine how people are expected to think about and approach security.
The benefits of an effective security culture include:
- employees are engaged with, and take responsibility for, security issues;
- levels of compliance with protective security measures increase;
- the risk of security incidents and breaches is reduced by encouraging employees to think and act in more security conscious ways;
- employees are more likely to report behaviours/activities of concern.
The lack of an effective security regime in support of the insider threat programme and frameworks is always evident in cases of insider activity.