The Security Culture Framework
The free and open Framework to build and maintain security culture
The Security Culture Framework is a free and open framework, methodology and philosophy to work with security culture. Created by Kai Roer, and maintained by a global community, the SCF is used by hundreds of organisations around the world to build and maintain security culture.
The Security Culture Framework provides you with a great resource for building and maintaining security culture and awareness, based on best practices from around the world.
The SCF is a framework and offers a scaffolding to set up and manage your security culture process in your organisation. Instead of replacing your activities and current campaigns, the SCF shows you where and when to conduct the needed steps to build culture.
The SCF offers a methodology consisting of an over-arching process, and iterative campaigns. Following the SCF method, you start building culture right away, with what you have. As you progress, so does your culture.
Improving security culture is about building something better. The SCF is a strong proponent for positive psychology, using incentives to form the social behaviours that creates the security culture. Fear is a weak builder of security, trust is a strong one!
Following a structured, repeatable approach to building and maintaining security culture makes compliance a brief. When using the SCF, you document compliance with standards, regulations and contracts.