The 7 Dimensions of Security Culture Explained

Press release: CLTRe publishes a research paper for security awareness and culture practitioners on The Seven Dimensions of Security Culture, explaining how security culture is made up of seven dimensions, what they are, and how they can be influenced.

Oslo, Norway (May 1, 2019) — Today CLTRe released a special report for security awareness and culture managers on The Seven Dimensions of Security Culture. The research paper explores why these seven dimensions are measured, what they are, and how they can be influenced.

Photo of Aimee Laycock, COO at CLTRe and lead author of 'The Seven Dimension of Security Culture'

“Knowing what these dimensions are, how they relate to security, and how they can be positively influenced is essential to manage effective change,” explains Aimee Laycock, cybersecurity culture specialist and lead author. “Information about these dimensions is vital when it comes to building and improving security culture, and thus reducing risk in organizations.”

The Seven Dimensions of Security Culture builds on CLTRe’s model for measuring security culture and provides a comprehensive resource for practitioners seeking a deeper understanding of the dimensions that comprise security culture.

“This is impressive work,” says Dr Gregor Petriç, Chairman for the Center for Methodology and Informatics and Associate Professor at the University of Ljubljana. “This report provides a synthesis of the research into the influences of information security culture, and draws on studies from various related fields, including computer science, psychology, sociology, behavior science, information security, and business management, to name a few.”

Kai Roer, security veteran and CEO of CLTRe, defines an organization’s security culture as “the different ideas, customs and social behaviors that employees and managers have towards security.” Roer explains that the strength of security culture in an organization can be assessed by measuring the employees’:

  • Attitudes
  • Behavior
  • Cognition
  • Communication
  • Compliance
  • Norms
  • Responsibilities

“Every organization has a security culture of sorts, but whether it is good or bad, strong or weak, no one knows unless it is measured,” says Laycock. “This report provides readers with a strong understanding of what security culture is made of, how it can be recognized and observed, and also, how it is influenced.”


About the 7 dimensions

The seven dimensions enable organizations to create a baseline of their security culture. This is used to assess the strength of the organization’s security culture and measure the effectiveness of their security culture program and awareness activities. The seven dimensions of security culture are used to benchmark security culture in organizations in more than 8 European countries, across the USA, and in China. 

About CLTRe

With offices in Europe, Asia, and the USA, CLTRe provides organizations worldwide with specialist security culture products and services, and are the leading providers of security culture metrics. Their scientific security culture measurement instrument, the Security Culture Toolkit, is delivered as a Software-as-a-Service. CLTRe is endorsed by ENISA. Website:



Available to download

To download a copy of the research paper – The 7 Dimensions of Security Culture – go to:


Related Posts