Creating a Culture of Security
It’s no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It’s not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. Security has become everyone’s job, and its management has become a strategic concern of the enterprise.
The way forward is for the enterprise to build a culture of security, an awareness of risks and controls, and a set of norms and practices that align with keeping the enterprise secure.