The Security Culture Framework

The Free and Open Framework to build and maintain security culture

The Security Culture Framework is a free and open framework, methodology and philosophy to work with security culture. Created by Kai Roer, and maintained by a global community, the SCF is being used by organizations around the world to build and maintain security culture.

The SCF provides you with a great resource to work with security culture.

The Security Culture Framework in a brief!

The Security Culture Framework was created based on best practices of building and maintaining security culture and awareness around the world.


A Framework

The SCF is a framework and offers a scaffolding to set up and manage your security culture process in your organization. Instead of replacing your activities and current campaigns, the SCF shows you where and when to conduct the needed steps to build culture.

A Methodology

The SCF offers a methodology consisting of an over-arching process, and iterative campaigns. Following the SCF method, you start building culture right away, with what you have. As you progress, so does your culture.

A Philosophy

Improving security culture is about building something better. The SCF is a strong proponent for positive psychology, using incentives to form the social behaviors that creates the security culture. Fear is a weak builder of security, trust is a strong one!

 Compliance Matter

Following a structured, repeatable approach to building and maintaining security culture makes compliance a brief. When using the SCF, you document compliance with standards, regulations and contracts.

Why Wait? Join The Global Community

The SCF is a global community, organizing conferences, meeting locally, and sharing information. Knowing there is help out there if you need it, is a valuable asset in your cultural endeavour.

You can sign up for free (or just browse around anonymously should you prefer):