Organizations need to build a security culture to provide a suitable information-protection solution. In this chapter, you will get an overview of the four main pillars of security culture, which are leadership support, efficient training, ongoing testing, and continuous communication to the entire organization and its partners. If you don't establish a security culture, you will have difficulty being successful in every part of an information-protection strategy, because every employee needs to know what information needs to be protected. Furthermore, the introduction of security measures can result in high costs if they are not sufficiently planned and not supported by the management.
An additional focus in this chapter is data classification, as the classification of information provides the basis for most security mechanisms...