Having a security awareness program within the organization includes the following:
• Establishing Security Awareness Governance.
• Conducting Continuous Awareness.
• Designing targeted campaigns.
• Delivering awareness messages across communication channels.
Security Fist has established an effective approach to developing and raising the level of security awareness within an organization. We refer to this as Information Security Awareness Program Development. The Security Fist methodology follows the ISO 27001 standard and the PDCA (Plan-Do-Check-Act) cycle, thereby building quality management into the program itself.
To best promote the successful completion of these tasks, Security Fist’s Information Security Awareness Program Development is divided into six major phases:
• Build and Operate a Security Awareness Office
Security Awareness Office (SAO)
A governance framework that allows organizations to keep their awareness program current as regulations and security practices change. The framework includes mechanisms to track program completion status, measure content effectiveness, and identify areas that require more in-depth training. A typical SAO will include, but is not limited to:
• Defining Security Awareness Office (SAO) mission, goals, and objectives.
• Establishing processes to:
o Maintain and update messages on a regular basis.
o Conduct regular assessments.
o Design and develop campaigns based on needs assessments.
o Measure the effectiveness of a campaign.
o Provide reports and updates for management and GRC groups.