Issue link: https://insights.oneneck.com/i/1476851
2 INTRODUCTION Building an effective and comprehensive security awareness program seems like a daunting task to those who are fortunate enough to be in the line of fire…I mean responsible for it. There is a lot of information at your fingertips, but how do you turn that information into something useful? Like most security awareness professionals, understanding a program's critical components and connecting them together to design something comprehensive, continuous and engaging is an overwhelming task. It is a task we are taking on head-first in this white paper in order to provide you with a strong blueprint to get started. What Is Your Starting Point? Let's first take a look at your organization's current efforts. You may find yourself in one of the following two positions: • You have an established program, but it is not effective (you are not alone) • A security awareness program does not currently exist (again, still not alone) To start, let's determine where your program originates. Many organizations use internal corporate training teams to create program content. Security content is starkly different than other corporate or compliance content. There is a level of security expertise required to understand the critical elements that need to be included in a program and then how to marry those different elements into digestible bites creating one long, never- ending meal. You see, whereas some training has a beginning and an end, security awareness training is continuous; there is no end. It is worth evaluating the internally-created content against that of industry providers to see how they measure up. If you are currently using a provider, it is time to look behind the curtain to better understand what you are paying for. All providers are not created equal. They will be different in approach, content, administrative functionality, reporting, etc... It is worth pausing to ensure that you are partnered with a provider that not only delivers the best, most comprehensive approach, but also helps you measure the outcomes of that program. The contents of this white paper will provide you with some comparative elements to get started. It is also important to consider who is leading your security awareness team/program. What we find is that these programs are commonly led by security practitioners who drew the shortest straw or someone in security who had extra time to deal with this "training stuff". You are looking for individuals who understand organizational development, have a background in training and knowledge of how to drive behavior. Look for candidates who have strong project management and communication skills and can lead up and across an organization.