An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. The committee will review the business case yearly and make updates. The committee will be responsible for appointing the manager of the program and for reviewing quarterly updates on the effectiveness of the program.
For effective delivery of the program, we propose that the security awareness program reside within the Information Security (IM) department. The manager of the program will gather information for the content from the experts within the security department and will also liaise with the legal, human resources and training departments to ensure that communication to the employees is clear, accurate and complete.
Program Plan and Delivery
This plan proposes a cyclical, ongoing program. We believe this method to be the most effective way to provide a foundation for a secure organization and to keep raising the level of awareness as best practices and threats change. A communication plan and schedule will be key to rolling out the program efficiently. Engaging and interesting marketing methods will be deployed to raise initial awareness of the training. The actual training will follow, and ongoing reinforcement materials will be prepared and delivered after each segment of the training. Constant monitoring and updating of the program will be done in parallel.
Program Measurement
Measurement is essential to the continuing improvement and management of the program. In addition, measuring provides quantifiable data that can be communicated to management to prove that the program has delivered value and to justify the investment.
Tuesday, November 23, 2010
Monday, November 8, 2010
Delivery Methods
The method of delivery will depend on the overall goals and expectations of the program. Delivering content monthly would be ideal. However, more realistically, content will be delivered on a quarterly basis. Communication of the upcoming training topic ahead of the training (via posters, videos, banners or a game) will introduce vocabulary and make the end user aware of the topic. Ideally, you should try to roll out the communication materials 2 weeks prior to the online topic being delivered. Delivery of the content would then follow, with a time allowance of 2 weeks. A reinforcement tool such as a newsletter, interactive game, etc. would then follow 2 weeks after online topic completion, completing this training topic segment. The cyclical nature of this process allows time between topic deliveries to review online scoring and to carry out any necessary remediation before the next topic is delivered.