I recently took Jeff Frisk's MGT 525 course on project planning.  This is a great class to take if you are going to be working on any large scale or long term project, such as a security awareness program.  What I liked best about his course is it brings structure to planning such a program and includes examples of key documents.  One of the documents I found most helpful, and I now integrate in any security awareness program is the Project Charter.  For those of you already familiar with the structured PM processes you know what a Project Charter is.  However if you are not, this is the very first document you work on to get a project officially started.  It ensures your project has official approval, gives you access to organizational resources and sets general expectations.   Some key things the Project Charter identifies include
  • Who is the Project Manager, who is in charge or responsible of the awareness program?
  • Estimated budget for your awareness program?
  • When do expect to have your plan finalized, when do you expect to kick off the awareness training?
  • What are your program goals and objectives?
  • Why are we doing this, how are you justifying the awareness training?
  • Key milestones
  • Key assumption or constraints
To often security awareness programs have little structure or planning, with messages communicated in a add-hoc and infrequent manner.  By starting with a Project Charter, you establish a solid planning foundation.  You can download an example of a Project Charter for awareness programs, and other planning documents, with the SANS Securing The Human Security Awareness Planning Kit.