CompTIA Newsroom

 

CompTIA Press Releases

Creating an organizational cybersecurity culture the subject of a new whitepaper from CompTIA

May 4, 2023

Insights from cybersecurity experts on how companies can build a ‘security first’ mindset

DOWNERS GROVE, Ill. – Organizations struggling to obtain a company-wide commitment to cybersecurity vigilance can get help from a new resource produced by CompTIA, the nonprofit association for the information technology (IT) industry and workforce.

“Embedding Cybersecurity Into Your Culture,” a CompTIA whitepaper, presents a path to make cybersecurity an essential element in an organizational culture by leaning into the company’s existing culture. The whitepaper draws on the cybersecurity expertise of CompTIA volunteers from across the globe representing all sizes and types of businesses in the IT services industry.

“The greatest chance of success in getting people to change their behaviors, embrace their role in security and embed cybersecurity into an organization’s culture is for them to lean into existing core values,” said Wayne Selk, vice president, cybersecurity programs, CompTIA. “This whitepaper can help any organization identify its values and strengths, along with recommendations on how to leverage those strengths to integrate cybersecurity into the overall company strategy.”

Building a cybersecurity culture starts at the highest level with executive buy-in and commitment. Incorporating security culture into the organization’s mission statement is a clear signal that leadership is committed to providing support and resources for organizational behavior change.

“You don’t have to rewrite your culture,” the whitepaper states. “Use your culture to implement cybersecurity…. By leveraging your existing values, you can intertwine your culture and cybersecurity. If you have a healthy culture (supportive, inclusive, diverse, allows for mistakes) then you should be able to have a cybersecurity-first mindset.”

Once the commitment to create a cybersecurity culture is made, several actions follow, including:

Identify security champions to communicate the vision as well as relay back to the security team what they hear from the various teams and users.

Choose a “clarifying event” to explore and discuss conflicting practices and policies with the goal of reaching a consensus on what’s best for the organization.

Use tabletop exercises to educate and engage staff in cybersecurity best practices.

Create documentation and processes that are easily accessible and updated as events warrant to reinforce the commitment to a cybersecurity culture.

Industry leaders who were major contributors to the whitepaper include Dave Alton, Strategic Information Resources, Inc.; Joy Beland, Summit 7; Bill Campbell, Balancelogic; Anu Khurmi, Templar Executives Ltd.; Gema Perez Cortes, Capgemini; Jhovanny Rodriguez, Greenlink Networks; and Natalie Suarez, Connectwise.

The CompTIA whitepaper is available at Embedding Cybersecurity Into Your Culture, while this CompTIA Blog article provides more insight into creating a cybersecurity culture.

About CompTIA
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through community, education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. http://Connect.CompTIA.org

Media Contact
Steven Ostrowski
CompTIA
[email protected]
+1 630.678.8468

View all Press Releases

Media Resource Center

Media Contact

Steve Ostrowski

Senior Director, Corporate Communications
(630) 678 - 8468
[email protected]

Public Sector Media Contact

Roger Hughlett

Director, Corporate Communications
(202) 503 - 3644
[email protected]


Follow Us

Follow us on social media to keep up to date on CompTIA.


Media Library

Download CompTIA logos and assets from our press releases to use in your article or write-up.

Access Now
Media Resources
Press Releases
Subscribe to CompTIA News
CompTIA in the news
Media Library

CompTIA Meetings & Events

CompTIA Community December Company Member Meetup

Online
Thursday, December 12, 2024 at 10 AM (CST)/4 PM (GMT)

Policy Development 101: Learn Skills to Write Effective Cybersecurity Policies

Online
Friday, December 13, 2024 at 12:00 PM CST

CompTIA ISAO December Member Meetups

Online
Wednesday, December 18 at 10AM CST / 12PM AEDT / 4PM GMT

View all CompTIA Meetings & Events

Fast Facts

  • $2 trillion – Estimated direct economic impact of the U.S. tech industry, representing 8.8% of the national economy.

  • 582,000 – Number of tech business establishments in the U.S.

  • 9.1 million – U.S. net tech employment at the end of 2022.

  • 286,400 – Estimated number of new technology jobs added in the U.S. in 2022.

  • 4.1 million – Number of postings by U.S. employers for tech job openings during 2022.