Insights from cybersecurity experts on how companies can build a ‘security first’ mindset
DOWNERS GROVE, Ill. – Organizations struggling to obtain a company-wide commitment to cybersecurity vigilance can get help from a new resource produced by CompTIA, the nonprofit association for the information technology (IT) industry and workforce.
“Embedding Cybersecurity Into Your Culture,” a CompTIA whitepaper, presents a path to make cybersecurity an essential element in an organizational culture by leaning into the company’s existing culture. The whitepaper draws on the cybersecurity expertise of CompTIA volunteers from across the globe representing all sizes and types of businesses in the IT services industry.
“The greatest chance of success in getting people to change their behaviors, embrace their role in security and embed cybersecurity into an organization’s culture is for them to lean into existing core values,” said Wayne Selk, vice president, cybersecurity programs, CompTIA. “This whitepaper can help any organization identify its values and strengths, along with recommendations on how to leverage those strengths to integrate cybersecurity into the overall company strategy.”
Building a cybersecurity culture starts at the highest level with executive buy-in and commitment. Incorporating security culture into the organization’s mission statement is a clear signal that leadership is committed to providing support and resources for organizational behavior change.
“You don’t have to rewrite your culture,” the whitepaper states. “Use your culture to implement cybersecurity…. By leveraging your existing values, you can intertwine your culture and cybersecurity. If you have a healthy culture (supportive, inclusive, diverse, allows for mistakes) then you should be able to have a cybersecurity-first mindset.”
Once the commitment to create a cybersecurity culture is made, several actions follow, including:
Identify security champions to communicate the vision as well as relay back to the security team what they hear from the various teams and users.
Choose a “clarifying event” to explore and discuss conflicting practices and policies with the goal of reaching a consensus on what’s best for the organization.
Use tabletop exercises to educate and engage staff in cybersecurity best practices.
Create documentation and processes that are easily accessible and updated as events warrant to reinforce the commitment to a cybersecurity culture.
Industry leaders who were major contributors to the whitepaper include Dave Alton, Strategic Information Resources, Inc.; Joy Beland, Summit 7; Bill Campbell, Balancelogic; Anu Khurmi, Templar Executives Ltd.; Gema Perez Cortes, Capgemini; Jhovanny Rodriguez, Greenlink Networks; and Natalie Suarez, ConnectWise.
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through community, education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. http://Connect.CompTIA.org