III Transforming Your Security Culture
This page intentionally left blank
From Diagnosis to Transformation: Implementing People-Centric Security
The first two parts of this book have addressed culture generally, security culture in particular, and ways to articulate, diagnose, and analyze the security culture in your organization. Culture, however, remains a huge and inclusive phenomenon in any enterprise, the sum total of the assumptions, beliefs, and values mixing and interacting below the surface of easily observable behavior. Culture can be transformed, but transforming it is like changing the flow of a river. It isn't easy when the river is constantly trying to revert back to its previous course. It is an exercise in organizational engineering. Your strategy has to be very specific and well understood or you will fail. The third part of this book is about developing a structured, measurable strategy to implement peoplecentric security, to transform security culture, by coming full circle and dealing directly with human and organizational behavior.