Culture and Organization
Highlights from The Purple Book of Software Security, Chapter 3

Organizational Change Begins with You

A culture that embodies strong security technologies and processes is a function of impelling leadership and multilateral cooperation. But the uneasy security executive should find reassurance knowing that security cultures are framed with familiar practices: participation, delegation, and shared responsibilities.

Elevating from a zero state to a working solution requires attention to the following imperatives:

  1. Connecting security goals to internal/external business drivers (like compliance certification or customer-required pen testing)
  2. Shifting the security team's role from a passive "guard rail" to an active contributor to the company's goals
  3. Establishing a baseline to measure achievements against, and making steady progress toward objectives
  4. Building the security leadership and empowering them to exert cooperative influence

Even organizations with mature security programs will at times face difficulty rallying vertical and horizontal support for initiatives. But security is an organizational discipline, so a collaborative and empowering methodology, applied consistently, will always be key to enacting change.

Follow security leaders Poornaprajna Udupi and Pavi Ramamurthy in Chapter 3 of The Purple Book as they delve into the challenges and opportunities that unfold in the mobilization of people, processes, and technology toward a security culture.

Have unique insights to share? Join us as a Coauthor and make your voice heard: thepurplebook.club/contribute-content

Rosario Monge

Senior Marketing Director | Community Builder | Positive and Innovative Thinker | Cybersecurity

3 years ago

Pavi Ramamurthy Poornaprajna Udupi Thank you for another great chapter. Security needs to become second nature in all organizations. The Purple Book Community Nikhil Gupta Bryan McCreedy Anant Misra #Authors #SecurityCulture #securityleaders #BeCyberSmart #security #securityawareness #cybersecurity

Chipper Jones

Helping SecOps teams & MSSPs defend data with Open XDR | NDR | NG SIEM | UEBA | TIP | SOAR |

3 years ago

Great read!

LingRaj Patil

I Help Companies Reduce Cyber Risk | VP of Marketing at ArmorCode | Community Builder | Security Warrior | Wannabe Storyteller

3 years ago

Poornaprajna Udupi Pavi Ramamurthy You two kicked off the Purple Book by leading the chapter on People, Culture and Organization aspects of Software Security and insights keep coming. Looking forward to sharing the entire book with the world in March.
