Assessing Perceptions and Culture of Cybersecurity within an Organization

s
Activity Leads: 
Industry Collaborators: 
  • We are currently working with two industry partners, not named here for confidentiality reasons.
Summary Statement: 

NOTE: this is no longer an active CREDC research activity. 

Cybersecurity is crucial for any energy delivery system (EDS) organization, and many organizations have adopted stringent policies to improve their cybersecurity. An important question is: to what extent are those policies understood and followed by the people in the organization? In particular, how effective are these policies?

In order to answer such questions, we must look at cybersecurity holistically and consider the perceived needs and views of the organization’s members—in essence, the culture of cybersecurity within the organization.

It has been noted by many that a majority of cybersecurity problems are aided or abetted by insiders. It is important to understand these internal issues and how to mitigate them by understanding the culture of cybersecurity in the organization. Most organizations are becoming increasingly concerned about cybersecurity, but often do not have a scientifically grounded basis for determining what they should do. The results of this activity will enable the assessment and comparison of cybersecurity cultures along both longitudinal (across organizations) and temporal (over time) dimensions. This will help organizations determine where to devote additional attention and resources, and evaluate the effectiveness of such efforts over time.

More Information: 
Status of Activity: 
Inactive