Processes & Culture
Top Reasons Behind Data Breaches
In spite of state laws meant to improve cyber hygiene, an analysis of incidents shows issues persist and visibility falls short.
Explore the intersection of society and information security, where culture shapes cyber norms and practices in our digital world.
Background for this topic.
In an information security context, culture manifests itself in how every employee, from management to entry-level, prioritizes security in their daily work. A strong security culture means that security considerations are an integral part of every decision and action. Employees are not only aware of the organization's security protocols but are also motivated to comply with them and to report any potential threats or vulnerabilities.
A robust information security culture can significantly reduce the risk of security incidents by ensuring that employees are vigilant, well-trained, and proactive about cybersecurity measures. Activities such as regular security awareness training, effective communication of security policies, and active promotion of security-minded behavior contribute to nurturing a culture that can effectively respond to and mitigate cyber threats.
Rising Liability Risks Are Reshaping the CISO Role and Cybersecurity Leadership
As regulators pursue accountability after major breaches, CISOs face growing personal liability. This is changing how security leaders report risk, weakening security culture and making the role less attractive to experienced practitioners.
Netskope's Sanjay Beri on Data Risk, Agent Visibility and Enabling AI Safely
AI adoption has outrun enterprise security, leaving data exposed and controls nonexistent. Sanjay Beri, co-founder and CEO at Netskope, says the answer isn't restriction. It's visibility, context and a culture of enablement.
The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly.
Anna’s Archive’s idealism doesn’t quite survive its own blog post
What would happen to the world's music collections if streaming services disappeared? One hacktivist group says it has a solution: scrape around 300 terabytes of music and metadata from Spotify and offer it up for free as what it calls the world’s first “fully open” music preservation archive.…
Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.
PLUS: Manga publishers win Cloudflare copyright case; India, EU to link payment systems; Storm over Australia’s weather website; And more!
Asia In Brief: Infosys co-founder Narayana Murthy has suggested Indian citizens should work even longer, suggesting his previous target of 70-hour weeks could climb to 72.…
How the best security training programs build strong security culture by focusing on high-risk groups like developers, executives, finance pros and more.
ISMG's Sean Mack on Aligning Strategy and Culture for Long-Term Risk Reduction
Cybercrime is accelerating while budgets stay flat. To keep pace, organizations must treat security as a strategic enabler - not an afterthought. Sean Mack of ISMG's CXO Advisory Practice outlines how aligning business goals, shifting left, and building a security culture drive better outcomes.
CXO Advisory Practice's Sean Mack on How Fractional CISOs Help SMBs Boost Security
Small and mid-sized businesses face the same threats as large enterprises but with fewer resources. Sean Mack of ISMG's CXO Advisory Practice explains how SMBs can cut cybersecurity costs by consolidating tools, embedding security and building a culture that scales without scaling costs.
Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities.
Merck's Luis Contasti Aguirre on Building Resilient OT Security Programs
Luis Contasti Aguirre from Merck shares how visibility into OT assets, clear processes and a strong risk-aware culture help secure critical systems. He explains how aligning people, process and technology strengthens compliance, reduces false positives and ensures operational resilience.
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks
FPT's Leonard Bertelli on the Shift From Reactive Monitoring to Predictive Insight
Observability has now become a mission-critical capability for enterprises operating complex, distributed and AI-driven systems. Leonard Bertelli, senior vice president at FPT Americas, shares how observability is changing and why both culture and technology must align to move enterprises forward.
Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture. [...]
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are no longer focusing on infrastructure vulnerabilities alone. Instead, they are increasingly
Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.
Cybersecurity Awareness Programs Need Focus on Human Risk and Changing Behaviors
Thanks to Cybersecurity Awareness Month, everyone knows security is a priority, but what are we doing differently to change the culture? If our goal is to reduce risk, not just meet regulatory expectations, then we need to focus on behavior, not just boxes on a checklist.