Building the business case #5

This blog entry provides you with a possibility for Section 5 of your business case in which you should discuss how the program will be managed and measured.

Security Awareness Program Management

An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success.  Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the program and for reviewing quarterly updates on the effectiveness of the program.

For effective delivery of the program, we propose that the security awareness program reside within the Information Security (IM) department.  The manager of the program will gather information from the experts within the security department for the content and will also liase with the legal and human resources and training departments ensuring communication to the employees is clear, accurate and complete.

Program Plan and Delivery

A cyclical, ongoing program is being proposed in this plan.  In order to provide a foundation for a secure organization and to continue to increase the level of awareness inherent with changing best practices and threats, we believe this method to be the most effective.  A communication plan and schedule will be key to rolling out the program efficiently.  Engaging and interesting marketing methods will be depoyed to raise the initial awareness of the training, followed by the actual training and then ongoing reinforcement materials will be prepared and delivered following each segment of the training.  Constant monitoring and updating of the program will be done in parallel.

Program Measurement

Measurement is essential to the continuing improvement and management of the program.  In addition, measuring provides quantifiable data that can be communicated to management to prove that the program has delivered value and to justify the investment.

Program measurement methods we will use will be as follows:

Item Criteria Tool
Communication Plan Recognition, Interest, Questions raised, Materials Used, Costs Survey


Program plan budget
Training Delivery Delivery Method, Exercises used, Technical Issues that may have arisen, ease of use Survey

Reinforcement Plan Completion rates, Interest raised, material review, cost Survey

Program plan budget

Program Outcomes Pass/Fail, Complete/Incomplete, Time spent on training, # of departments involved and # of departments completed Learning Management System reports


Post new comment

The content of this field is kept private and will not be shown publicly.
Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.