
How to Create and Sustain a Quality Security Awareness Program

The most serious and potentially damaging IT security-related acts are almost always done by those with some form of authorized access. Employee attitudes and motivations must be a critical concern of all IT security programs. Motivating the different categories of "Users" of your systems requires tailoring awareness messages to their perception of business reality. Learn how to improve the security behavior of all employees — from the executive offices to the newest part-time interns — by targeting specific security awareness program elements and events. Receive practical ideas and techniques for delivering security training, customized according to your audience. Find out how to plan and execute a program that's right for your specific organizational environment and budget — one that will evolve with the organization.

Key Objectives:

  • Identify the key ingredients in a successful security training and awareness program
  • Define, segment and target key groups for focused training
  • Gather and organize a wide variety of techniques and materials for maximum impact
  • Evaluate the results of your security awareness program

You Will Leave With:

  • A self-produced outline for a tailored plan for building awareness at your organization
  • Appropriate and workable delivery mechanisms for target groups
  • An appreciation of how multiple factors (organizational, technical, etc.) can affect security in an organization
  • An understanding of how to motivate people to perform the security-related aspects of their jobs in a way that will help, rather than hinder, the organization

Day One

An Awareness Program is Crucial — Examine awareness terminology and jargon and the benefits of a security awareness program — and the pitfalls of not having one. Receive strategies and tips on how to sensitize employees to appreciate the importance of protecting information resources, and how to deliver the message to those hardest to reach.

Security Training Team — Analyze the benefits of a team approach: how large this team should be, which functional areas should be represented, and who, specifically, should be on it. Identify the key players, as well as the peripheral people needed to ensure an effective effort.

Target Populations — Learn techniques for segmenting your audience into manageable, relatively homogeneous groups. Then discuss the tools needed to determine the level of current security awareness for each group, including "walk around" inspections.

Training Implementation — Discover what type of information to gather and present, how to organize your presentation for maximum impact, and which meeting techniques are most effective. Learn how to develop an approach that's on target for each audience segment, including what topics to cover and at what level of depth.

Day Two

Training Objectives — How should the target audience "change their ways" as a result of the security awareness program? Examine the techniques for identifying and measuring this change. Learn the best ways to make sure the program is genuinely working and how to justify its continued existence and evolution to top management.

Information Sources — Discover educational materials that are currently available from the federal government, professional organizations, trade publications and other sources, and how to acquire them.

Training Techniques — Analyze in detail a wide range of awareness techniques, including formal courses, informal briefings, on-the-job guidance, in-house publications, self-instruction and videos. Consider the pros and cons of each and discuss when each is most appropriate.

Develop a Plan — Upon completion, you'll have developed the outline of a security awareness plan tailored for your organization's specific needs, ready to bring back and use on the job. Many organizations in both private and public sectors have sent people to this course and built active, dynamic, successful ongoing programs based on what they learned and did here.