Background NorSIS has studied what they term cybersecurity culture in Norway. The purpose of their study has been to help designing effective cybersecurity practices and to understand what security regulations Norwegians will typically accept. The study wants to measure culture, a concept that does not easily lend itself to quantification or simple KPI’s. The attempt… Continue reading Can cybersecurity culture be measured, and how can it drive national policy?
Maintaining security is an ongoing process which requires coordinated effort by the whole organization. Without backing from the top management levels and buy-in through the ranks there is little chance of building up resilience against cyber attacks. As organization complexity increases and value creation becomes distributed it will be necessary to have an integrated approach… Continue reading How to build up your information security management system in accordance with ISO 27001