Security Culture starts from the premise that, even with good technical tools and security processes, an organisation is still vulnerable without a strong culture and a resilient set of behaviours in relation to people risk. Hilary Walton combines her research and her unique work portfolio to provide proven security culture strategies with practical advice on their implementation. And she does so across the board: from management buy-in, employee development and motivation, right through to effective metrics for security culture activities. There is still relatively little integrated and structured advice on how you can embed security in the culture of your organisation. Hilary Walton draws all the best ideas together, including a blend of psychology, risk and security, to offer a security culture interventions toolkit from which you can pick and choose as you design your security culture programme - whether in private or public settings.
Applying the techniques included in Security Culture will enable you to introduce or enhance a culture in which security messages stick, employees comply with policies, security complacency is challenged, and managers and employees understand the significance of this critically important, business-as-usual, function.
Hilary Walton is an Organisational Psychologist and works for Airways, New Zealand's air navigation service provider, as their Resilience and Continuity Manager. She provides advice to ensure that critical business processes across the organisation are sufficiently resilient to continue operating effectively. This includes activities such as oversight of security, change management, business continuity planning, software assurance and safety change processes. She has also worked for the Olympic Delivery Authority (ODA) where she helped to implement culture change and had privacy and data protection responsibilities. Hilary formerly led a Security Culture project for a UK Government security authority before working for the Olympics. She is a Chartered and HPC registered senior Organisational Psychologist with consulting experience in both the United Kingdom and Australasia. She has worked within both private and public organisational settings, ranging from the Royal New Zealand Air Force through to large government clients and telecom organisations.
Contents: Introduction; What is security culture and people risk? Why are they important?; Building the business case for security culture and people risk management: getting senior level buy-in and commitment; Assessing security culture; How to improve security culture: intervention toolkit; How to prioritise what to do next; Metrics: measuring the impact on the organisation; Case studies; Appendices; Index.