ABSTRACT
Executive management must support your information security and privacy training and awareness efforts for them to be successful. Not only must they provide financial support to effectively develop the program, but they must also provide visible support to demonstrate to the workforce the importance and necessity of your efforts. Create an information security and privacy education project plan that includes your objectives for awareness and training, and include estimates for necessary personnel, materials, time schedules, and any other associated costs (such as videos, manuals, and so on). Ask the management to provide funds to support the organization’s training and awareness compliance requirements. If you do not perceive support from senior management, it is likely you will encounter passive resistance from a significant percentage of personnel. They may not attend training for which they were scheduled, may ignore your requests to read and acknowledge policies and procedures, may ignore awareness activities, or may blatantly violate policies and procedures. It is important to prevent this by having executive management clearly communicate the importance of everyone’s participation prior to your training and awareness rollout.
