ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations.
This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of large European organisations. The report provides good practices, methodological tools and step-by-step guidance for those seeking to commence or enhance their organisation’s cybersecurity culture programme.
Cybersecurity culture refers to the knowledge, beliefs, attitudes, norms and values of people regarding cybersecurity and how these manifest in interacting with information technologies. It reflects the understanding that the organisation’s actions are dependent on shared beliefs, values and actions of its employees, including their attitude towards cybersecurity.
Read more about why organisations are in need of a cybersecurity culture and how this can be developed, on Help Net Security.