Incident response and information security culture

A while back, I┬á published a white paper on security culture for JURINNOV.┬á An organizationÔÇÖs culture in relation to information security determines how receptive employees will be to security initiatives.┬á Culture can make the difference between security that is embedded into the organization versus security that is simply an afterthought or even worse, ignored.

Culture is formed through a series of successes that reinforce the underlying assumptions behind those successes.┬á Alternatively, failures diminish assumptions associated with the failure.┬á There are many actions an organization can take to being the process of instilling a culture of security.┬á┬á A recent example at Seattle ChildrenÔÇÖs Hospital shows how the organizationÔÇÖs security culture was improved through incident response planning.

In an interview with Information Week, Cris Ewell, Chief Information Officer for Seattle ChildrenÔÇÖs Hospital stated that employees have recognized that breaches will happen even with the best preventative measures now that they have implemented incident response plans.┬á They also realized that some incidents require outside help.┬á┬á It is important to know who to contact ahead of time because time is precious following an incident.

4 thoughts on “Incident response and information security culture

Leave a Reply

Your email address will not be published. Required fields are marked *