- The Importance of the Human Firewall
- Creating a Security Awareness Program
- Step 1: Gather Information
- Step 2: Develop a Format and Forum in Which to Present the Information
- Step 3: Prepare the Program Material
- Step 4. Present the Program to the Pilot Group
- Step 5: Present the Program to Senior Management
- Step 6: Develop a Schedule for Updating the Program
Creating a Security Awareness Program
At my first job (obviously, this was before I became a security professional), I disabled the password-protected screensaver that was implemented on my desktop as policy. Lack of knowledge and a desire to avoid entering my password every time I took a break, got coffee, or made a phone call led to this action. While perhaps it did increase my productivity, it left my machine, my data, and a connection to the firm's Intranet vulnerable to the casual eavesdropper whenever I wasn't in the room or at my desk.
Technology can be used to avoid some of these situations, but can't rule them out entirely. Educating users and arming them with the information they need to perform their job securely is essential. We need their buy-in. As hard as that may seem, developing an effective program doesn't have to be so onerous. As with so many other business activities, if you identify and follow a sound process, the end result will likely achieve or come close to the desired goals.
The following six-step process can serve as an effective template to developing a security awareness program for your organization. The steps are detailed in the following sections.
Develop a format and forum in which to present the information.
Prepare the program material.
Present the program to a pilot group.
Present the program to senior management.
Develop a schedule for updating the program.