Our methodology

A security awareness program within the organization includes the following:

  • Establishing Security Awareness Governance
  • Conducting Continuous Awareness
  • Designing targeted campaigns
  • Delivering awareness messages across communication channels

Security Fist has established an effective approach to developing and increasing the level of security awareness at an organization. We refer to this as Information Security Awareness Program Development. Security Fist's methodology follows the ISO 27001 standard and the PDCA (Plan-Do-Check-Act) cycle, thereby building quality management into the program. To best promote the successful completion of these tasks, Security Fist's Information Security Awareness Program Development is divided into seven major phases:

  • Assess
  • Design
  • Develop
  • Deliver
  • Measure
  • Build and Operate a Security Awareness Office


Security Awareness Office (SAO)

A governance framework that allows organizations to keep their awareness program current as regulations and security practices change. The framework includes mechanisms to track program completion status, measure content effectiveness, and identify areas that require more in-depth training. A typical SAO will include, but is not limited to:

  • Defining Security Awareness Office (SAO) mission, goals and objectives.
  • Establishing processes to:
    • Maintain and update messages on a regular basis
    • Conduct regular assessments
    • Design and develop campaigns based on needs assessments
    • Measure the effectiveness of a campaign
    • Provide reports and updates for management and GRC groups