Building the business case #5
Security Awareness Program Management
An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the program and for reviewing quarterly updates on the effectiveness of the program.
For effective delivery of the program, we propose that the security awareness program reside within the Information Security (IM) department. The manager of the program will gather content from the experts within the security department and will also liaise with the legal and human resources and training departments to ensure that communication to employees is clear, accurate and complete.
Program Plan and Delivery
This plan proposes a cyclical, ongoing program. We believe this method to be the most effective way to provide a foundation for a secure organization and to keep raising the level of awareness as best practices and threats change. A communication plan and schedule will be key to rolling out the program efficiently. Engaging and interesting marketing methods will be deployed to raise initial awareness of the training. The actual training will follow, and ongoing reinforcement materials will be prepared and delivered after each segment of the training. Constant monitoring and updating of the program will be done in parallel.
Measurement is essential to the continuing improvement and management of the program. In addition, measuring provides quantifiable data that can be communicated to management to prove that the program has delivered value and to justify the investment.
We will use the following program measurement methods:
|Communication Plan||Recognition, Interest, Questions raised, Materials used, Costs||Survey; Program plan budget|
|Training Delivery||Delivery method, Exercises used, Technical issues that may have arisen, Ease of use||Survey|
|Reinforcement Plan||Completion rates, Interest raised, Material review, Cost||Survey; Program plan budget|
|Program Outcomes||Pass/Fail, Complete/Incomplete, Time spent on training, # of departments involved and # of departments completed||Learning Management System reports|