Persuading management to invest in security awareness
This free white paper helps information security managers justify their budget proposals for information security awareness programs. A range of creative ideas are incorporated into the cost-benefit case described in the paper.
A free white paper by information security specialist IsecT Ltd. helps organizations justify their budget proposals for security awareness programs. The 'Business case for an information security awareness program lays out a generic financial justification for an innovative approach to security awareness.
Most organizations accept the need to invest in information security technologies such as antivirus software and firewalls, yet relatively few understand the value of investing in security awareness. The business case paper urges organizations to consider their employees as an integral and vital part of their information security controls framework. In this context, the proposed investment in security awareness is seen as a highly cost-effective means of improving information security controls and thus reducing risks.
I wrote this paper initially out of sheer frustration", said Gary Hinson, IsecTs CEO, at the irrational reluctance to fund security awareness activities. Even though our awareness service costs a fraction of the amount normally spent on security technology, some potential clients tell us they simply dont have the money. I realized that I needed to help informatioon security managers explain to their management why security awareness is so important, and persuade them of the business value of having a professionally-designed communications program."
The program proposed in the paper separately addresses general employees, executive managers and technologists through appropriate awareness materials. Different information security topics are covered each month through a rolling communications process. These two innovative features are designed to maximize the breadth and depth of coverage, respectively, generating a deep-rooted security culture.
The paper outlines a cyclical process for creating and delivering the awareness materials, and incorporates branding and measurement techniques similar to those used in marketing.
Download an Adobe Acrobat read-only version of the free business case paper from http://noticebored.com/NB_generic_business_case_for_infosec_awareness_program.pdf or contact IsecT for an editable version. To find out more about the innovative security awareness service, visit NoticeBored.com.
|
