ABSTRACT
Educating users on the importance of information security is vital to the mission of any IT organization. At the University of Missouri - Columbia (MU), we recognize that information security can no longer take a back seat to productivity and the two must go hand in hand.
We recently implemented a campus-wide information security awareness program to educate students, faculty and staff on this important topic. The program consists of in-person and web-based training, monthly topic-specific campaigns, presentations to specialized groups and guest speakers. The goal is to educate users on specific information security issues and to create overall awareness that will change the way people think and ultimately the way they act.
In this paper, we explain how we created and implemented our security awareness program and discuss the stumbling blocks we encountered along the way. We explore different audiences, methods of delivery and what content we believe is vital to a successful program. Finally, we discuss the importance of establishing a flexible program that can be adapted to meet current and future demands while still being relevant to our users. The importance of information security awareness training should not be underestimated. IAT Services, the central IT group at MU, has implemented a comprehensive security awareness program to educate our users about the importance of information security. This paper will explore the creation of the program, the identification of different audiences and methods of information delivery and how to define what content is vital to a successful program. It will also discuss how to successfully maintain a relevant, long-term information security awareness program.
Index Terms
- "You are the key to security": establishing a successful security awareness program
Recommendations
Definition and Multidimensionality of Security Awareness: Close Encounters of the Second Order
This study proposes and examines a multidimensional definition of information security awareness. We also investigate its antecedents and analyze its effects on compliance with organizational information security policies. The above research goals are ...
An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals
SIGMIS-CPR '22: Proceedings of the 2022 Computers and People Research ConferenceSecurity awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified ...
Impact of comprehensive information security awareness and cognitive characteristics on security incident management – an empirical study
AbstractOrganizations deploy a team of dedicated security professionals and spend significant resources safeguarding their digital assets. Despite best efforts, security incidents are on the rise and remain a key challenge. The literature has ...
Comments