Seminar DescriptionInformation Security is more than technology and tools. It is also an organization’s behaviors, beliefs, assumptions, attitudes and ways of doing things. In other words, it is a Culture of security that pervades an enterprise. It may be strong, impactful, structured and respected or weak, ineffective, disorganized, contradictory, unrecognized and haphazard. Either way, a security Culture exists. For Information Security professionals, as well as IT Auditors and Risk Managers, the objective is to foster an intentional Culture, supportive of an organization’s overall goals for security.This seminar presents methods for achieving and strengthening a security Culture. It also provides a methodology for measuring and evaluating that Culture in the context of overall objectives. The presentation is based on ISACA’s publication, Creating a Culture of Security, written by Mr. Ross.