The Security Culture Framework

The free and open Framework to build and maintain security culture

The Security Culture Framework is a free and open framework, methodology and philosophy to work with security culture. Created by Kai Roer, and maintained by a global community, the SCF is used by hundreds of organisations around the world to build and maintain security culture.

The Security Culture Framework provides you with a great resource for building and maintaining security culture and awareness, based on best practices from around the world.

A Framework

The SCF is a framework and offers a scaffolding to set up and manage your security culture process in your organisation. Instead of replacing your activities and current campaigns, the SCF shows you where and when to conduct the needed steps to build culture.

A Methodology

The SCF offers a methodology consisting of an over-arching process, and iterative campaigns. Following the SCF method, you start building culture right away, with what you have. As you progress, so does your culture.

A Philosophy

Improving security culture is about building something better. The SCF is a strong proponent for positive psychology, using incentives to form the social behaviours that creates the security culture. Fear is a weak builder of security, trust is a strong one!

 Compliance Matter

Following a structured, repeatable approach to building and maintaining security culture makes compliance a brief. When using the SCF, you document compliance with standards, regulations and contracts.

Watch Video: An overview of the SCF

Why Wait? Join The Global Community

The SCF is a global community, organizing conferences, meeting locally, and sharing information. Knowing there is help out there if you need it, is a valuable asset in your cultural endeavour.

You can sign up for free (or just browse around anonymously should you prefer):