1.1 Control Environment
“…culture determines the behaviour of people in an organisation and should, therefore, be used to influence the behaviour of people with regard to information security.” – Kerry-Lynn Thomson and Rossouw von Solms
Most entities operate in an environment that is influenced by perceived stakeholder values; the entity’s mission, vision and values; community and organizational ethics and culture; applicable laws, regulations and policies; as well as industry practices. When interacting with the environment, organizational units endeavor to maintain their basic culture while attempting to control external and internal factors impacting programs, systems, and processes dedicated to pursuing the entity’s mission. In systems theory, this characteristic is known as dynamic homeostasis. Contextually, ‘dynamic’ means that homeostasis is achieved even though the system is in a constant state of variable activity. Consequently, in response, organizational units generally rely on adaptive processes for appropriate responses to cope with changing environmental circumstances.