Security Awareness

An Information Security Awareness Program is an organized effort to make employees and customers aware of risks to personal and institutional information and information technology, and to provide them with the skills and knowledge necessary to avoid those risks. While the program can focus on one specific group (e.g., leadership), to be effective as it matures the program should address all stakeholders, including leadership, employees, customers (i.e., students), and partners (i.e., external service providers). As explained in the CSO article “Seven Elements of a Successful Security Awareness Program,” the program should include C-Level support, partnering with key departments, creativity, metrics, ‘how-to’ information, and multiple methods of delivery.