Build Effective Security Awareness Program

April 13, 2006

You’ve developed a world class security program. Your technology-based defenses are cutting edge. Your security team is well trained and ready to handle anything that comes its way. So you’re done, right? Not quite. One of the most important pieces of an effective information asset defense is missing – employee awareness.

Awareness programs shouldn’t be confused with training. Training deals with developing specific skill sets. The objective of awareness programs is to focus the attention of employees on maintaining the confidentiality, integrity, and availability of information assets. It allows them to recognize IT security concerns and respond appropriately.

A security team alone can’t provide the kind of overall enterprise awareness necessary to fend off the wide variety of incidents an organization might face. That kind of awareness requires the active participation of every employee in the company. Further, incidents caused by employee mistakes result in far more damage to businesses every year than external attacks. Obtaining the support and participation of an organization’s employees requires an active awareness program, one that’s supported by all layers of management. “Your employees are the stewards of your critical data and information assets…” Make sure they’re up to the challenge.

A fully aware workforce is able to prevent many incidents. Unpreventable incidents are identified faster, resulting in less business impact.

In this paper, I define security awareness, list the objectives of an effective awareness program, and step through a process to build, implement, and manage ongoing support of the program.

Click Here to download the paper
