According to the Information Systems and Control Association (ISACA), security culture is defined as:
"a pattern of behaviors, beliefs, assumptions, attitudes, and ways of doing things around the information security within an organization."
It impacts an organization’s knowledge base and perspective about the way they make decisions on everything:
Your BYOD (bring your own device) policy
Your patch policy
Your hiring policy for the IT department
Your purchasing policy for updating systems and technology
What does your security policy say about you?
The real purpose of creating a security culture
Why should you concern yourself with increasing security culture in your practice? Common sense says it’s to make technology more secure.