"You are the key to security": establishing a successful security awareness program

Educating users on the importance of information security is vital to the mission of any IT organization. At the University of Missouri - Columbia (MU), we recognize that information security can no longer take a back seat to productivity and the two must go hand in hand.

We recently implemented a campus-wide information security awareness program to educate students, faculty and staff on this important topic. The program consists of in-person and web-based training, monthly topic-specific campaigns, presentations to specialized groups and guest speakers. The goal is to educate users on specific information security issues and to create overall awareness that will change the way people think and ultimately the way they act.

In this paper, we explain how we created and implemented our security awareness program and discuss the stumbling blocks we encountered along the way. We explore different audiences, methods of delivery and what content we believe is vital to a successful program. Finally, we discuss the importance of establishing a flexible program that can be adapted to meet current and future demands while still being relevant to our users. The importance of information security awareness training should not be underestimated. IAT Services, the central IT group at MU, has implemented a comprehensive security awareness program to educate our users about the importance of information security. This paper will explore the creation of the program, the identification of different audiences and methods of information delivery and how to define what content is vital to a successful program. It will also discuss how to successfully maintain a relevant, long-term information security awareness program.