(Cyber) Security Culture Eats (Cyber) Security Strategy for Breakfast


IT professionals around the world have thorough and detailed frameworks and guidelines to use when it comes to developing a robust information security strategy, but there is one thing missing – the human element. The cyber threat landscape is out of control across the globe and organisations can’t seem to get ahead of the curve. Cyber attacks are increasing as cybercriminals become more and more sophisticated, and their methods are, quite frankly, abhorrent. They continue to target our human vulnerabilities and leave a trail of destruction in their wake without a care in the world.

Most organisations have a well-documented cybersecurity strategy. The Australian Cybersecurity Strategy 2020 was released in August with a focus on government, business and the community. The recommendations made are all great; however, achieving the desired outcomes will be challenging if there is no clear way forward as to how we as a nation go about creating a (cyber)security culture to support the strategy.

The missing link is the human element.

Protecting systems and information is the core purpose of anyone working in the information security world, which includes cybersecurity. Yes, some people see these as one and the same and others see them as separate disciplines, but that’s a discussion for another day.

Today, we are looking at the human operating system and what you can do to attract its attention, raise curiosity, get buy-in and have yourself a powerful culture of (cyber) security in your organisation.

Context and understanding are important in this process, so let’s start with some definitions.

Strategy is tangible and visible with clear guidelines. It’s the road map, the plan, the goals, the logical process of taking us from where we are to where we want to be. A place where outcomes are defined and results are measured and managed…