insider threat mitigation (2012)
Security Culture & Climate
Security Climate (informal perceptions) is probably even
more important than Security Culture (formal policies &
procedures)
In a healthy security culture/climate:
Everybody is constantly thinking about security.
There are on-the-spot awards for (1) good security practice & (2)
proactive/creative thinking and actions.
Security ideas, concerns, questions, suggestions, criticisms are welcome from any quarter.
No scapegoating! Finding vulnerabilities is viewed as good news.