Chapter 2

Creating a Security Awareness Strategy


- Knowing the best way to talk to users
- Figuring out what you want to say to users
- Gauging whether users are listening
- Finding a way to pay for it all

Building a security awareness program requires having a strategy. CBT and phishing services are tactics. Before you start buying anything, you should know how you intend to use it and how it fits within the overall strategy of your awareness program. So often, people get ahead of themselves and buy the wrong tools for their needs, and then a security awareness professional needs to work with them to figure out how to adapt these wrong tools for a job that would have been much more straightforward had they invested in proper planning.

This chapter helps you figure out how to approach users, gauge whether they are listening to your ideas (nothing works if no one listens!), and of course, find a way to pay for it all.

Identifying the Components of an Awareness Program

To create a security awareness program that works, you first need to know the three components of any ...

Get Cybersecurity All-in-One For Dummies now with the O’Reilly learning platform.