business case
Arguably, the most important part of your business case is being able to clearly communicate the costs and benefits of a program. Below is a suggestion for this final part of your business case.
Cost Benefit Analysis
Costs:
To fulfill the required mandate for a security awareness training program, we will need to allocate resources and purchase materials for this purpose. To ensure the program’s success on a long-term basis, we are requesting that a Security Awareness Training Manager be...
This blog entry provides you with a possibility for Section 5 of your business case in which you should discuss how the program will be managed and measured.
Security Awareness Program Management
An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the...
Further building of the business case should include a review of how you will deliver the awareness program. This blog could be included as Section 4 of your business case.
Delivery Methods
The method of delivery will be dependant upon the overall goals and expectations of the program. Delivering content monthly would be ideal. However, more realistically, content will be delivered on a quarterly basis. An approach that combines communication of the upcoming training topic (via posters,...
As a follow up, to the last post, we are now working on Section 3 of the business case. In this section we review and detail the awareness program content. Here is the suggested sample content for this section:
Awareness Program Content
A robust content list fed to the end user on a monthly or quarterly basis will avoid information overload and will allow flexibility in the program so immediate response to current information security risks can be dealt with. A monthly or quarterly...
As discussed in the previous blog building a business case for security awareness can be a daunting task. So, we are helping you by providing you with a section a week to provide content for your plan.
Following is a sample Introduction section for the security awareness business plan:
2. Introduction
2.1 Background/Business Need
Security of data has become critically important to all organizations regardless of their location. Our increasing dependence on information, digital or...
Many of our clients need to prepare a business case for security awareness training to present to management. So, we thought it might be helpful if we provide some of the content that you can use for this purpose. A section of the business case will be provided per week. For this entry, we will start with what a typical table of contents would look like for this exercise and I will also provide some sample content for the executive summary section.
A typical business case table of contents...
Before diving into the planning process for a security awareness training project, it’s important to assign a project manager and appoint a communications champion as part of the project. Creating a project includes defining business objectives and scope (what’s included and what’s not) in a project plan document.
Ideally, the project objectives will closely mirror those described in the business case that was either verbally provided or put into an actual written document to obtain the...
