Our unique collaborative approach to creating and sustaining the corporate security culture

We've just about finished updating the website, again, this time rationalizing the textual description of our security awareness service using the simple process diagram above. They say a picture is worth a thousand words - fair enough, but to do it justice we had to cheat a bit by splitting the process into three sections:

1. Our part in the process outlines what we do behind the scenes every month, researching, preparing, polishing and packaging the next security awareness module, basically providing the materials and impetus to set you up for your part;
   
   
2. Your part in the process: downloading, unpacking, reviewing, customizing and deploying the awareness materials, which includes liaising with your professional colleagues to mold the program according to the organization's specific needs;
   
   
3. What we achieve together: this is the vital bit! Here the unique features of our service come together through our joint efforts to influence the corporate culture, improve information security, and most of all deliver the business benefits. Without this, the rest is just a lot of hard work!

We're convinced of the value of informing and engaging the entire workforce (staff, managers and professionals) over the long term, socializing information security in order to generate and sustain a widespread and deep-rooted security culture. What do you think?

Many information security specialists, advisers, gurus and consultants talk in positive terms about creating a culture of security but hardly any explain what that means, let alone how to achieve it. I'll make a stab at it in the next blog piece. Meanwhile, having spent several creative days drawing and redrawing pretty process diagrams in Visio, I really must knuckle-down to catch up with our part of the process for the next awareness module on malware. Lots to do and it doesn't happen all by itself!