In this presentation, we introduce the Security Culture Framework (the free and open framework to build and maintain security culture) and explain how the Community, 3rd-party partners and The Roer Group work together to create a full ecosystem of security culture.
You can join the movement at https://scf.roer.com
2. Security Culture
“The ideas, customs, and social behavior of a particular people or society, that allows them to be free from danger or threats.”
Kai Roer, Founding Partner
4. The Security Culture Framework: Know Your Goals
● Assess where you currently are
○ Create baselines
○ Understand what to measure
○ Understand how to measure
● Visualise where you would actually like to be
○ Define clear (SMART) goals
○ Describe the goal using metrics
5. The Security Culture Framework: Know Your Audience
● Look at who you will need to involve along the journey
○ HR, Marketing and PR
○ CxO, Employees, Stakeholders
● Analyze the audience
○ Who is my target audience?
○ What do they care about?
○ How do they communicate?
○ How do I best adapt the security message to their needs?
6. The Security Culture Framework: Know Your Topics
● Choose and use topics and activities that lead towards your defined goals
● Use different activities to build competence
● Drive behavioral change through topics and activities that are relevant to your program
7. The Security Culture Framework: Know Your Plan
● Plan for success!
● Organize the work in time-limited Campaigns to help you stay in control
● Run campaigns in parallel in larger organizations to target different audiences, topics and goals
● Run Campaigns in series to build a complete security culture program
9. The Security Culture Framework: Templates and methodology
[Diagram: The Community; Manage Internally. Legend: Free; Paid, Optional: 3rd party; Paid, The Roer Group]
● The framework is free and open
● Download templates
● How-To guides for each template
● Published with a Creative Commons license.
● https://scf.roer.com
10. Manage Internally
● Manage your own Security Culture Program
● Use internal resources
● Low budget, full ownership
● Total control
11. The Community
● Use the Community for support and learning
● Free and open access
● Register to post questions and comments
● Help build and spread the competence!
13. Certified Consulting Partner
● Partners to help:
○ Design and manage program
○ Execute program
○ Run metrics and revisions
● Certified partners available in USA and Europe
15. The Security Culture Framework: Services from The Roer Group
● Learn! by Roer
○ Certification
○ Internal Training Program
○ Online
● Tools
○ Intelligence
○ Reports
○ SCF Application
● Consulting
○ Security Culture Program
○ Security Culture Campaign
● Coaching
○ On-Site
○ Remote
16. The Security Culture Framework: Services from The Roer Group
Learn! by Roer: Certification, Internal Training Program, Online
● Professional training
○ Online (recorded and live)
○ On-Site (adapted to your needs)
○ Certified Security Culture Practitioner
● Options
○ Keynotes
○ Talks and Workshops
○ Round Table Facilitation
17. The Security Culture Framework: Services from The Roer Group
Consulting: Security Culture Program, Security Culture Campaign
● Campaign Mode
○ 12-week campaign
○ Define goals, target audience and activities
○ Execute, Measure and Report
● Program Mode
○ 18 months
○ Up to 6 Campaigns in series
○ Program goals break down into Campaign goals
18. The Security Culture Framework: Services from The Roer Group
Coaching: On-Site, Remote
● Remote Coaching
○ Phone and email
○ Unlimited* access to coach
○ Fixed fee = low risk
● On-Site Coaching
○ Phone, email and On-Site
○ Unlimited* access to coach
○ Fixed fee** = low risk
*: Unlimited access means a maximum of 10 coaching hours per month.
**: Fixed fee does not include travel+accommodation as required.
19. The Security Culture Framework: Services from The Roer Group
Tools: Intelligence, Reports, SCF Application
● Intelligence
○ What are the trends?
● Reports
○ How do we compare to others?
● SCF Application
○ Manage your Security Culture Program
○ Annual Subscription
21. The Security Culture Framework: Templates and methodology
[Overview diagram. Legend: Free; Paid, Optional: 3rd party; Paid, The Roer Group]
● The Community
● Manage Internally
● Certified Consulting Partner
● Learn! by Roer: Certification, Internal Training Program, Online
● Tools: Intelligence, Reports, SCF Application
● Consulting: Security Culture Program, Security Culture Campaign
● Coaching: On-Site, Remote