The Security Culture Framework is a free and open framework, methodology and philosophy to work with security culture. Maintained by a global community, the SCF is used by hundreds of organizations around the world to build and maintain security culture. The Security Culture Framework provides you with a great resource for building and maintaining security culture and awareness, based on best practices from around the world.
The SCF is a framework and offers a scaffolding to set up and manage your security culture process in your organization. Instead of replacing your activities and current campaigns, the SCF shows you where and when to conduct the needed steps to build culture.A Framework
The SCF offers a methodology consisting of an over-arching process, and iterative campaigns. Following the SCF method, you start building culture right away, with what you have. As you progress, so does your culture.A Methodology
Improving security culture is about building something better. The SCF is a strong proponent for positive psychology, using incentives to form the social behaviors that creates the security culture. Fear is a weak builder of security, trust is a strong one!A Philosophy
Following a structured, repeatable approach to building and maintaining security culture makes compliance a brief. When using the SCF, you document compliance with standards, regulations and contracts.Compliance Matter
