Chapter 8 - Information security awareness training: Your most valuable countermeasure to employee risk

Abstract

The chapter outlines the processes, procedures, and materials needed to build and measure a successful awareness program, as well as tips and tricks to keep employees engaged and make security part of the company mindset. It serves as the foundation for starting a program or making an existing program better. The chapter illustrates why an information security awareness program presents the best benefit, low-cost countermeasure for safeguarding sensitive information properly at any company, regardless of size. It helps in learning the critical steps and components to implementing a successful program. The design and implementation of an effective information security awareness program is very complicated. An additional source of information is the Internet. However, the gathered information should be processed cautiously. An awareness program incorporates the company's defined behaviors regarding its policies, standards, and other guidance into easy to understand, commonsense protocols on how to safeguard sensitive information properly at the company. The chapter also describes ways to incorporate security awareness training as one of the least expensive and most effective security countermeasures.