Recently I had access to an informative handout from the Information Risk Executive Council about inflecting end-user awareness programs.
Here are some takeaways; I wanted to share the gist of the handout:
1. Brand your security awareness initiative; branding gives it visibility.
2. Segment your training across various target user groups.
3. Identify the behavioral change that you want to bring about and design the training to effect it.
4. Reward good security behaviors.
5. Leverage your existing marketing communications (and other cross-functional departments) to run the program.
6. Monitor compliance across various business units and show them the comparative chart; this will create healthy competition.
7. Keep the program up to date; revise it based on feedback.
Design the program with the end goal of behavioral change in mind, segment the program across various target groups, leverage existing delivery methods, measure results, and compare results across business units to create competition. Last but not least, keep it updated.




