Information security data breaches are becoming larger and more frequent. Incorporating information security into the culture of the information technology (IT) staff members that support these technologies is a key function that must be considered in parallel to improved security technology. The framework proposed in this paper considers focusing on cost-reducing products, services and structures while building the correct behaviour and values in IT staff members and strengthening their ability to improve information security assessment capabilities in the organization to better support information security management. A tool to evaluate the framework is also described as well as concise feedback on how the framework and tool was tested in a few organizations.

信息安全数据泄露事件越来越大，越来越频繁。将信息安全纳入支持这些技术的信息技术（IT）工作人员的文化中是一项关键功能，必须与改进的安全技术并行考虑。本文提出的框架考虑将重点放在降低成本的产品，服务和结构上，同时在IT员工中建立正确的行为和价值观，并增强他们提高组织中信息安全评估能力以更好地支持信息安全管理的能力。还描述了一种评估框架的工具，以及有关在一些组织中如何测试框架和工具的简明反馈。