The Security Culture Framework

The free and open framework to build and maintain security culture

The Security Culture Framework is a free and open framework, methodology and philosophy to work with security culture.Created by Kai Roer, Chief Research Officer at KnowBe4 and maintained by a global community, the SCF is used by hundreds of organizations around the world to build and maintain security culture.

The Security Culture Framework provides you with a great resource for building and maintaining security culture and awareness, based on best practices from around the world.


A Framework

The SCF is a framework and offers a scaffolding to set up and manage your security culture process in your organization. Instead of replacing your activities and current campaigns, the SCF shows you where and when to conduct the needed steps to build culture.

A Methodology

The SCF offers a methodology consisting of an over-arching process, and iterative campaigns. Following the SCF method, you start building culture right away, with what you have. As you progress, so does your culture.

A Philosophy

Improving security culture is about building something better. The SCF is a strong proponent for positive psychology, using incentives to form the social behaviors that creates the security culture. Fear is a weak builder of security, trust is a strong one!

Compliance Matter

Following a structured, repeatable approach to building and maintaining security culture makes compliance a brief. When using the SCF, you document compliance with standards, regulations and contracts.

Get the latest about social engineering

Subscribe to CyberheistNews