Communication opportunities to
reach the appropriate audience may include, but are not limited to the following:
Planned series of desired messages using an
available media type from above.
Materials that may be available
from outside companies, or may need to be internally generated:
Security bulletin board
To measure and evaluate the effectiveness of our awareness
program, we will do the following:
The MAIN method we will use to measure the
success of our program will be to conduct mini-audits, consisting of five to
ten observable items, which will be conducted before and after each main
message of our program, to determine whether or not there has been any behavior
change as the result of our Information Security Awareness Training program.
Track the number of audit comments related to
the issues covered by our awareness program to determine if there was a
Track the number of viruses encountered to
determine if there was a decrease.
Conduct surveys regarding the effectiveness of
our awareness program.
Request feedback regarding our awareness program
for continuous improvement.
8D Manager Software with 8D, 9D, 5Y and 4M report generator. Corrective action software for managing, measuring, and reporting.
Program Construction for Information Security Awareness Training
The Master schedule/calendar of Information
Security Awareness materials development, materials acquisition, and materials
and message distribution.
Develop or obtain the necessary materials from an outside
Develop communications for needs that are unique to the
local organization to supplement the overall program.
Implement the Information Security Awareness Training Program
according to the schedule developed in Program Construction Section I Program
Schedule. Be flexible and adjust the schedule to the immediate needs that may
occur within the organization. Promote Information Security Awareness at events
and opportunities as they become available.
I. Effectiveness Measurement
Measure the effectiveness of the Information Security
Awareness Training Program utilizing the activities designed in Program Design Part VI
II. Feedback Review
Analyze the feedback from the measurements/evaluations and
incorporate the analysis into future planning for the Information Security Awareness Training Program.
III. Revision Strategy
Review and revise materials periodically to keep them
current. It is recommended this be done by building the review process into the
continuing master calendar/schedule planning process.
IV. Continuous Improvement
Information Security Awareness Training is a perpetual process, it is
not a "quick fix". As the Program unfolds, and feedback is received,
begin performance planning for the ongoing Program. Information Security
related behaviors and knowledge can always be improved.