Page 5 - Cyber-Security-Awareness-Program _Methodology_eBook_InfoSight
P. 5
In the planning phase, you will decide on the Awareness training can ensure personnel
ownership, roles and responsibilities of the individuals have a solid understanding of their
who will be involved in the program. You will also employer’s security practices and
secure the funding and executive level support policies. In contrast, one uninformed
needed for a successful program. individual can do substantial harm to an
organization’s systems and place its data
• Involve upper management. When upper and reputation at risk.
management says security is important and practices
what he/she teaches, people take notice. The same
goes for all administrators and managers down the
line.
• Appoint the right person to lead the charge. Dedicate
at least one person to focus 100 percent of their
energy on cyber security awareness across the
organization. This person needs to be an individual
who communicates well and knows how to sell,
market, and build relationships.
• Do your research. Understand the target audiences
and their organizational culture in order to customize
your message for greater retention. Different levels of
training are likely needed for different job functions.
• Build relationships. Security messages must permeate
the enterprise for the awareness program to be
successful. With minimal resources to carry out the
program, it’s important to build strong relationships,
engage influencers, and nurture those connections.
• Create ambassadors. Cyber security ambassadors are
the individuals in your organization who are willing to
evangelize cyber security awareness and directly
influence behavior change.
Determine your budget for the program, including the
purchase of cyber security awareness materials such as
online learning courses, articles for your website,
newsletters, videos, posters, email campaigns, games and
other educational content.
5 Cyber Security Awareness Program™, InfoSight Inc. 5