Book Review: Security Culture

In Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation. By Hilary Walton. ​Routledge; Routledge.com; 232 pages; $119.95.

Building and maintaining a strong security culture is integral to any organization’s security and resiliency. In Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation, author Hilary Walton demonstrates how to establish a “culture within a culture” where security is everyone’s priority and part of their day-to-day professional life. 

This is a book about assessing, implementing, and improving upon a security and risk management culture within an organization. The author successfully outlines the fundamentals of a comprehensive, pragmatic security culture campaign, citing her experience as an organizational psychologist and business consultant in the United Kingdom and Australasia. Six case studies of her suggestions in action add credibility, and three appendixes offer useful examples of proposal letters and a year-long security communications plan.

Though many of her suggestions focus on large enterprises, her recommendations are scalable for smaller ones. While most of the book focuses on cybersecurity issues, an experienced security manager will see applications for integrating the entire security operation, as well. 

This book is appropriate for a wide range of practitioners, instructors, and consultants who want to establish and build upon a strong security culture within their organizations. 

--

Reviewer: Erik Antons CPP, PSP, is manager of international security and executive services for Sempra Energy and is a former special agent with the Diplomatic Security Service, U.S. Department of State. He is a member of the ASIS International Global Terrorism, Political Instability and International Crime Council and a board member for the ASIS San Diego Chapter.