Summary: The UK’s National Protective Security Authority (NPSA) has published a “Security Culture Tool”, which is a free, online self-service tool that can help organizations of all sizes understand their security culture and how to enhance it. The tool is structured around four components - one interactive workshop and three workforce surveys. 

Analyst Note: Building a strong security culture within critical infrastructure organizations is essential to reduce security vulnerabilities and enhance operational resilience. A security culture goes beyond implementing advanced technologies; it’s about embedding security awareness and accountability into the daily behaviors of every employee.  

With critical infrastructure facing an increasing number of cyber and physical threats, organizations that foster and prioritize a strong security culture will be better positioned to adapt, recover, and continue operations with minimal disruption, in response to threats from across the all-hazards threat environment.

Accordingly, the components of the program include:

• Cultural Style Workshop. Supports your senior leaders in agreeing with the desired style of security culture that best suits your organization.
• Security Behaviors Survey. Measures the frequency with which particular security behaviors are being demonstrated.
• Personal Attitudes & Skills Survey. Assesses your workforce’s awareness of the threats they face, alongside their security responsibilities.
• Organizational Influences Survey. Evaluates your workforce’s perceptions of how well security is managed within the organization.

Original Source: https://www.npsa.gov.uk/security-best-practices/security-culture/security-culture-tool  

Additional Reading:

• Security Culture - What It Is and Why It's Important

Related WaterISAC PIRs: 5