Creating a Culture of Security


Published September 2021


It’s no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It’s not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. Security has become everyone’s job, and its management has become a strategic concern of the enterprise.

The approach we took to building a culture of security at USCIS looked like this:

  • Consistently connect security to mission objectives.
  • Build security into everything and correct mistakes quickly.
  • Establish norms and high standards for security hygiene.
  • Adopt a zero-defect approach.
  • Continuously vet security in development and production.

Don't forget to Sign In or Sign Up to Download


Sign up

You can update your preferences, unsubscribe or delete your account at any time by logging into the site, or via the links at the bottom of any of our emails.

Biting the hand that feeds IT © 1998–2021