For an information security professional, one of the most important areas for an organization is building a corporate security culture. Building a security culture begins with the IS professional: being transparent and passionate about security, speaking about security initiatives at company meetings, and providing recurring security awareness talks.

This grass-roots, bottom-up approach should be coupled with an increased focus on executives. Getting their support and buy-in is absolutely critical. If the CEO does not have to have a strong password, why should anyone else in the company? If the CEO does not take time to do security awareness training, why should anyone else?
