Security Awareness Program Updates – Managing Program Changes

Consistent updates will assist you in managing change throughout the yearly life cycle of your security awareness program. It is imperative that you update your program to ensure that training/ awareness/education deployments do not become stagnant and therefore irrelevant to real emerging issues faced by the organization. A planned and consistent update program will also allow you to address changes in security policy, directives and procedures driven from new threats, technologies or legislation. The following 5 steps we hope will assist you in managing program changes:

1. The awareness program should be continuously updated as new technology and associated security issues emerge. Typical program refresh time is every 12 months but changes in an organization’s policies or new emerging threats might dictate a shorter refresh cycle.

2. New training requirements will emerge as new skills and capabilities become necessary to respond to changes in technology and the overall security landscape. Look at implementing role-based e-learning – ie., manager training for new and existing managers, IT admin training, etc.

3. Changes to the organization’s objectives and/or mission can also affect how to best design training content and methods. Review resources and determine what mix of e-learning/seminar and/or outsourced training is required and balance training methods on both your current resources and budget.

4. Emerging trends and regulations/laws will also impact the type and extend of security awareness activities necessary to keep users educated about the latest threats and best practices.

5. New security directives will also drive the need to update and or explore additional training methods or components.