My answer to the August expert panel question for Information Security Buzz:
In your opinion, what are 3 key elements to succeed in a positive security culture and what tips can you provide to implement change, successfully?
I took inspiration for my answer from an ex-CISO of mine, Adam Stanley (actually a CIO/CTO by trade, but he bravely took on both roles while recruiting). These are the three elements, known collectively as “TEA”, he worked hardest to embed in the IT and security culture of our organization:
– Trust,
– Empowerment, and
– Accountability
My three tips take those components and translate them into concrete actions. You can find the full article here