It’s a big temptation to jump right to how-to and policy training when implementing an Information Security Awareness Training Program (ISATP). However, you need to prepare your target audience first. Each person in your organization must understand why security is important. They must also realize management commitment to information asset assurance. Finally, each employee should understand the impact—both personal and organizational—if security best practices (as defined in policies, standards and guidelines) are not followed.
Once you have their attention, you can ask them to accept requests to sit through security training sessions, sessions that drag them away from their normal job of actually running or supporting business operations. A more important effect of awareness might be employee willingness to listen and learn.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment