CHAPTER 49
IMPLEMENTING A SECURITY AWARENESS PROGRAM
K. Rudolph
49.2 AWARENESS AS A SURVIVAL TECHNIQUE
49.2.1 Awareness versus Training
49.2.2 IT Security Is a People Problem
49.2.3 Overnight Success Takes Time
49.3.1 In-Place Information Security Policy
49.3.2 Senior-Level Management Support
49.3.6 Reward for Good Security Behaviors
49.3.7 Destination and Road Maps
49.3.8 Visibility and Audience Appeal
49.4 OBSTACLES AND OPPORTUNITIES
49.4.1 Gaining Management Support
49.4.2 Keep Management Informed
49.4.5 Overcoming Audience Resistance
49.4.6 Addressing the Diffusion of Responsibility
49.5.1 Awareness as Social Marketing
49.6.1 What Do Security Incidents Look Like?
49.6.2 What Do I Do about Security?
49.6.3 Basic Security Concepts
49.7 TECHNIQUES AND PRINCIPLES
49.7.1 Start with a Bang: Make It Attention Getting and Memorable
49.7.2 Appeal to the Target Audience
49.7.3 Address Personality and Learning Styles
49.7.4 Keep It Simple: Awareness Is Not Training
49.7.5 Use Logos, Themes, and Images
49.7.6 Use Stories and Examples: Current and Credible
49.7.8 Involve the Audience: Buy-In Is Better than Coercion