Culture Shock: Electrifying Your Culture of Security

Information security culture is a foundational element for a successful implementation of an information security program. An information security culture is not explicitly required by information security frameworks, yet it is an integral part of the formula. Cultural development and evolution is difficult to quantify and measure, although it is not impossible. Through various mechanisms such as employee engagement, security awareness and training, and gamification, it is possible not only to develop but also to evolve an information security culture, no matter what framework the information security program was built upon. This talk will explore what it means to take an information security culture to the fast lane, and will touch on some success stories along the way.

Presentation Slides are available at: https://softwareexcellencealliance.or...

------------------------------------------------------------------

About the presenter: James Brosnan, MBA, CISM is an energetic speaker, information security leader, and compliance consultant who leans heavily on connecting the dots between information security themes and well-known popular culture subjects. James spent a large portion of his career in the electric utility industry performing a myriad of job functions ranging from hands-on field work to compliance auditing and eventually to evolving and influencing security cultures. Over the last few years, James has made the leap from the electric utility industry to a small satellite intelligence company and is making his way back to the electric utility industry by way of compliance consulting. James is an expert and former auditor for the Western Electric Coordinating Council (WECC) auditing large scale electric utilities against the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) requirements and standards. He holds a Master of Business Administration in Management Information Systems (Park University) and also holds a Certified Information Security Manager (CISM) certification from ISACA.