Chapter 2

Creating a Security Awareness Strategy

IN THIS CHAPTER

Knowing the best way to talk to users

Figuring out what you want to say to users

Gauging whether users are listening

Finding a way to pay for it all

Building a security awareness program requires having strategy. CBT and phishing services are tactics. Before you start buying anything, you should know how you intend to use it, and how it fits within the overall strategy of your awareness program. So often, people get ahead of themselves and buy the wrong tools for their needs, and then a security awareness professional needs to work with them to figure out how to adapt these wrong tools for a job that would have been much more straightforward had they invested in proper planning.

This chapter helps you figure out how to approach users, gauge whether they are listening to your ideas (nothing works if no one listens!), and of course, find a way to pay for it all.

Identifying the Components of an Awareness Program

To create a security awareness program that works, you first need to know the three components of any ...

Get Cybersecurity All-in-One For Dummies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cybersecurity All-in-One For Dummies by Joseph Steinberg, Kevin Beaver, Ira Winkler, Ted Coombs

Creating a Security Awareness Strategy

Identifying the Components of an Awareness Program

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly