measurement
Arguably, the most important part of your business case is being able to clearly communicate the costs and benefits of a program. Below is a suggestion for this final part of your business case.
Cost Benefit Analysis
Costs:
To fulfill the required mandate for a security awareness training program, we will need to allocate resources and purchase materials for this purpose. To ensure the program’s success on a long-term basis, we are requesting that a Security Awareness Training Manager be...
This blog entry provides you with a possibility for Section 5 of your business case in which you should discuss how the program will be managed and measured.
Security Awareness Program Management
An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the...
No matter how effective or strong the information security program may be it is only as effective as the most malicious or incompetent employee. There are numerous examples of businesses that have spent hundreds of thousands incorporating leading-edge technology, procedures, monitory systems, policies and comprehensive training programs, only to have one employee do something that compromised the systems, the data or some business process. While we cannot discount governance and technology, the...
Rolling out a large Information Security Awareness Training Program can be an incredibly daunting task. Especially, if you have to ensure that your efforts are measurable in order to meet industry standards or adhere to legislation.
Let’s face it, you can’t measure the number of times employees look at the security awareness posters you just put up in the coffee room or in the elevator and how the heck do you measure the impact of a banner on the company intranet? Did it really change the...
