Security Awareness Roadmap

One of the most common reasons we see organization's fail to establish a mature security awareness program is they fail to start with a plan.  You can easily spot such an awareness program, they randomly pick the topics they communicate, they communicate only a few times a year, they make little if any effort to understand and engage their audience, and have few if any metrics to measure human behavior.  The indicators for a mature awareness program include you know what your top human risks are, you have identified and understand your different target groups, you have an active communications matrix and identified key metrics to measure the human behaviors you care about.

However doing all this planning is not easy.  We know just how overwhelmed most security awareness officers, in fact the 2016 Security Awareness Report found that the average security awareness officer spends 25% of their time or less dedicated to awareness.   To help make your job easier and your program more effective we have over the years developed the Security Awareness Planning Kit.  The kit provides a framework and numerous templates you can use to quickly build a plan for your organization.  Used by hundreds of other organizations, you don't have to reinvent the wheel, instead you can rely on the tried and true materials that others have depended on.

Using the Planning Toolkit is very simple.   You begin with the Security Awareness Maturity Model, identifying where you program is and where you want to go.   The model then provides a roadmap on how to get there, starting with the three key questions of WHO, WHAT and HOW.  Who determines your target audience, whose behaviors are you attempting to change.  This then determines what you want to teach them, what are the biggest human risks and what behaviors will help manage those risk.  Finally how will you communicate those behaviors, what is the most effective way to engage your target audiences.  What's great about the planning kit is it provides the path to take and templates/examples for each step of the way.  Download the Security Awareness Planning Kit and other resources from our Planning Page.

To learn more on how to leverage the Security Awareness Planning Kit and building mature awareness programs, attend the two day SANS MGT433 course on building mature awareness programs.  If you already have a program but want to take it to the next level attend the Security Awareness Summit 3/4 August in San Francisco.