chapter  5
38 Pages

Building and Maintaining an Effective Security Awareness Program

Contents Overview ........................................................................................................... 110 Overall Objectives of This Chapter .................................................................... 111

Specific Objectives of This Chapter ............................................................... 111 To-Do’s for Readers ...................................................................................... 111

Chapter Outline ....................................................................................... 111 Terminology ......................................................................................................112 Rationale ........................................................................................................... 115

Why We Need Information Security ............................................................. 115 What Is “Awareness,” Anyway? ...................................................................... 116 Why IT Security Awareness? ......................................................................... 117

Making Awareness Happen ............................................................................... 117 Appoint an Awareness Team ......................................................................... 117 Translate Goals into Action Plans ................................................................. 118 Targeting the Program .................................................................................. 118

Needed Skills .....................................................................................................122 Desired Outcomes .............................................................................................124 Group Culture ..................................................................................................124 Program Content Factors ..................................................................................125

Overview Technology is a wonderful thing. Security technology keeps improving. It makes our jobs easier and strengthens the security of our computers and communication resources. And some of the newer and more advanced technologies require little or no human intervention. But the bad guys are improving, too; and so is their technology, and it’s doubtful that we’ll ever eliminate the actions or effects of carbonbased life forms (that’s us) in information security.