Borrowing Ideas from Safety Science
Applying Accounting Practices to Security Awareness
Applying the ABCs of Awareness
Benefiting from Group Psychology
Remembering That It’s All About Risk
6 Part 2: Building a Security Awareness Program Chapter 4: Creating a Security Awareness Strategy Identifying the Components of an Awareness Program Figuring Out How to Pay for It All Chapter 5: Determining Culture and Business Drivers Understanding Your Organization’s Culture Identifying Subcultures Interviewing Stakeholders Partnering with Other Departments Chapter 6: Choosing What to Tell The Users Basing Topics on Business Drivers Incorporating Personal Awareness Topics Motivating Users to Do Things “Right” Common Topics Covered in Security Awareness Programs Chapter 7: Choosing the Best Tools for the Job Identifying Security Ambassadors Knowing the Two Types of Communications Tools Exploring Your Communications Arsenal Chapter 8: Measuring Performance Knowing the Hidden Cost of Awareness Efforts Meeting Compliance Requirements Collecting Engagement Metrics Measuring Improved Behavior Demonstrating a Tangible Return on Investment Recognizing Intangible Benefits of Security Awareness Knowing Where You Started: Day 0 Metrics
7 Part 3: Putting Your Security Awareness Program Into Action Chapter 9: Assembling Your Security Awareness Program Knowing Your Budget Choosing to Implement One Program or Multiple Programs Gaining Support from Management Devising a Quarterly Delivery Strategy Deciding Whether to Include Phishing Simulations Planning Which Metrics to Collect and When Branding Your Security Awareness Program Chapter 10: Running Your Security Awareness Program Nailing the Logistics Getting All Required Approvals Getting the Most from Day 0 Metrics Creating Meaningful Reports Reevaluating Your Program Redesigning Your Program Considering Breaking News and Incidents Chapter 11: Implementing Gamification Understanding Gamification Identifying the Four Attributes of Gamification Figuring Out Where to Gamify Awareness Examining Some Tactical Gamification Examples Putting Together a Gamification Program Promoting the Program Chapter 12: Running Phishing Simulation Campaigns Knowing Why Phishing Simulations Matter Setting Goals for Your Phishing Program Planning a Phishing Program Choosing a Phishing Tool Implementing a Phishing Simulation Program Running a Phishing Simulation Tracking Metrics and Identifying Trends Dealing with Repeat Offenders Management Reporting
8 Part 4: The Part of Tens Chapter 13: Ten Ways to Win Support for Your Awareness Program Finding Yourself a Champion Setting the Right Expectations Addressing Business Concerns Creating an Executive Program Starting
