9/16/16, 1:06 PM Bridging the cybersecurity culture gap
Page 1 of 6 http://fedscoop.com/bridging-the-cybersecurity-culture-gap
September 16, 2016
Bridging the cybersecurity
culture gap
Commentary: Organizations should consider how
the idea of workplace safety has evolved if they
want strategies for baking cybersecurity into their
culture.
By JR Reagan
MARCH 25, 2016 3:00 PM
“Safety First” signs seem almost cliché now — not so in the years prior to the Industrial
Revolution. (iStockphoto)
Everyone seems to be talking about “workplace culture” these days.
Although the concept has been around since the 1980s, businesses
and government agencies are now realizing the importance of “the
way we do things around here” to retaining valued employees and
adding value to the enterprise, according to a Deloitte University
Press report.
Now, some want to apply the concept to cybersecurity. Instilling a
“cybersecurity culture” could improve any organization’s ability to
safeguard its data, systems and networks, the theory goes. The
National Cyber Security Alliance calls for a “culture of awareness”
around cybersecurity in every workplace. But how do we make this
happen? How do we create a culture in our organizations in which
cybersecurity is a top priority at every level, from the boardroom to
the break room?
For clues, we might look to security’s cousin, safety.
Although preventing accidents at work is a given in most workplaces
today — so much so that “Safety First” signs seem almost
cliché — safety hasn’t always been a priority. Since the Industrial
Revolution, workplace safety has undergone a number of
transformations, with many injuries, deaths, and lessons learned
along the way. Accidents became the exception rather than the rule
only in the last 50 years or so, since organizations began examining
attitudes and perceptions around safety throughout the workplace,
and how they affect practices.
The Australian Radiation Protection and Nuclear Safety
Agency traces the evolution of safety in several stages, or “ages”:
The age of technology: Starting with the Industrial
Revolution some 250 years ago, machinery failures and flaws
bore most of the blame for workplace accidents. Engineers
strove to improve worker and plant safety by designing safer
technology.
The age of the human: After major accidents such as the
Three Mile Island nuclear meltdown in 1979 pointed to
human as well as technical deficiencies, engineers
began factoring the human into their designs, aimed at
correcting, compensating for, and even anticipating
mistakes.
The age of the organization: Disasters including an airplane
crash and an oil spill prompted a new look at assumptions
around safety — with people asking not only how these
accidents happened, but why. Human and even technical
failures were seen as the tip of the iceberg, indicating a lack of
leadership at the highest levels, prompting a focus on
improving an organization’s “safety culture.”
Evolving out risk
Researcher Philip Sutton lists four shifts in emphasis characterizing
the evolution of workplace safety culture:
From employee responsibility to management responsibility.
From post-accident coping to prevention.
From non-systematic management to whole-system
management.
From risk reduction to risk elimination.
When managers took up the safety mantle — establishing and
enforcing protocols around safety, providing worker training, and
encouraging supervisors and employees to report hazards
— accidents and injuries declined sharply. Eventually, most
organizations established strong workplace safety programs aiming
not just to minimize risk, but to eliminate it altogether, according to
a report in the Huffington Post.
The impetus for these changes came from organized labor and laws,
but they succeeded only where top-level executives encouraged and
supported them. Studies have shown a direct correlation between
management commitment and worker safety.
In other words, to instill a culture of safety in any workplace, the
impetus must come from the highest levels — and the message must
be, “We are all in this together.” When every employee, from
entry-level to executive, feels a vested interest in their own safety as well as
that of colleagues and even the organization itself, then the goal of
“zero risk” may at last become attainable.
Could the same be true for cybersecurity?
The cybersecurity shift
JR Reagan writes regularly for
FedScoop on technology, innovation
and cybersecurity issues.
In the “Technological Revolution” of
today, new technologies have exposed
our workplaces and employees to new
threats — of identity theft; data theft
and manipulation; compromises of
confidential, even proprietary
information, and more.
Initially, organizations focused on
improving the technology with
firewalls, anti-virus software, malware
scanners and other “fixes.” Then,
however, hackers began using
phishing and social-engineering
schemes to gain access to systems,
requiring a shift in focus to the humans using them.
As large-scale breaches continue, however, cybersecurity, too, may
need a cultural shift — one that, like successful safety cultures, is
designed around processes, not functions; is inclusive and
collaborative across all departments, offices, and levels; encourages
and incentivizes shared responsibility, and retains flexibility,
allowing us to learn, change, and grow.
Changing a workplace’s culture can be daunting, especially across
multiple agencies or locations. But, as advances in workplace safety
show, it’s doable with support from the top — and the “trickle-down”
effect, resulting in buy-in at every level, may help us not only to
reduce risk, but to eliminate it.
As we look toward the future — a continual mandate in the
cybersecurity profession — we would do well to consider the lessons
of the past, and what has worked in other realms such as
organizational safety, and safety culture. How can we rally our
workforces around cybersecurity in a way that goes to the very heart
of our organizations — to the culture that defines us?
JR Reagan is the global chief information security officer of Deloitte. He
also serves as professional faculty at Johns Hopkins, Cornell and Columbia
universities. Follow him @IdeaXplorer.