24
https://scf.roer.com Navigating To Your Goal The Security Culture Framework
https://scf.roer.comNavigating To Your Goal
The Security Culture Framework
https://scf.roer.com
The ideas, customs, and social behavior of a
particular people or society, that allows them to be free
from danger or threats.
Security Culture
“”Kai Roer, Founding Partner
https://scf.roer.comA Quick Introduction
The Security Culture Framework
https://scf.roer.com
● Assess where you currently are○ Create baselines○ Understand what to measure○ Understand how to measure
● Visualise where you would actually like to be○ Define clear (SMART) goals○ Describe the goal using metrics
The Security Culture Framework
Know Your Goals
https://scf.roer.com
● Look at who you will need to involve along the journey○ HR, Marketing and PR○ CxO, Employees, Stakeholders
● Analyze the audience○ Who are my target audience?○ What do they care about?○ How do they communicate?○ How do I best adapt the security
message to their needs?
The Security Culture Framework
Know Your Audience
https://scf.roer.com
● Choose and use topics and activities that leads towards your defined goals
● Use different activities to build competence
● Drive behavioral change through topics and activities that are relevant to your program
The Security Culture Framework
Know Your Topics
https://scf.roer.com
● Plan for success!● Organize the work in time-limited
Campaigns to help you stay in control● Run campaigns in parallel in larger
organizations to target different audiences, topics and goals
● Run Campaigns in series to build a complete security culture program
The Security Culture Framework
Know Your Plan
https://scf.roer.comPlotting a Course
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● The framework is free and open● Download templates● How-To guides for each template● Published with a Creative Commons
license. ● https://scf.roer.com
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● Manage your own Security Culture Program
● Use internal resources● Low budget, full ownership● Total control
https://scf.roer.com
The Security Culture Framework: Templates and methodology
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Manage Internally
● Use the Community for support and learning
● Free and open access● Register to post questions and
comments ● Help build and spread the
competence!
https://scf.roer.comSafe Navigation
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
Manage InternallyCertified Consulting Partner
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
● Partners to help:○ Design and manage program○ Execute program○ Run metrics and revisions
● Certified partners available in USA and Europe
https://scf.roer.comBuilding Your Crew
The Security Culture Framework
https://scf.roer.com
Learn! by Roer
Internal Training Program
Certification
Online
Tools
SCFApplication
Intelligence
Reports
Consulting
Security Culture Program
Security Culture Campaign
Coaching
On-Site
Remote
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
Learn! by Roer
Internal Training Program
Certification
Online
● Professional training○ Online (recorded and live)○ On-Site (adapted to your needs)○ Certified Security Culture Practitioner
● Options○ Keynotes○ Talks and Workshops○ Round Table Facilitation
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Campaign Mode○ 12 weeks campaign○ Define goals, target audience and activities○ Execute, Measure and Report
● Program Mode○ 18 months○ Up to 6 Campaigns in serie○ Program goals breaks down to Campaign goals
Consulting
Security Culture Program
Security Culture
Campaign
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Remote Coaching○ Phone and email○ Unlimited* access to coach○ Fixed fee = low risk
● On-Site Coaching○ Phone, email and On-Site○ Unlimited* access to coach○ Fixed fee** = low risk
Coaching
On-Site
Remote
*: Unlimited access means a maximum of 10 coaching hours per month. **: Fixed fee does not include travel+accommodation as required.
The Security Culture Framework
Services from The Roer Group
https://scf.roer.com
● Intelligence○ What are the trends?
● Reports○ How do we compare to others?
● SCF Application○ Manage your Security Culture Program○ Annual SubscriptionTools
SCFApplication
Intelligence
Reports
The Security Culture Framework
Services from The Roer Group
https://scf.roer.comResults Ahead!
The Security Culture Framework
https://scf.roer.com
The Security Culture Framework: Templates and methodology
Manage InternallyCertified Consulting Partner
The Community
Free Paid, 3rd party Paid, The Roer GroupOptional:
Learn! by Roer
Internal Training Program
Certification
Online
Tools
SCFApplication
Intelligence
Reports
Consulting
Security Culture Program
Security Culture
Campaign
Coaching
On-Site
Remote
https://scf.roer.comYour Next Step
The Security Culture Framework
https://scf.roer.com
https://scf.roer.com
Join the communityGet Answers
Download TemplatesEngage and Learn
Build Security Culture!
https://scf.roer.comhttps://scf.roer.com
Start Today!
