Security Awareness

People! The greatest asset: but also the greatest risk?

Organisations have spent countless sums on information security awareness activities. The rationale was to take their biggest asset – people – and change their behaviour, reducing risk by giving them knowledge of their responsibilities and of what they need to do.

But have these activities succeeded?



Information gathered from various authoritative sources would tend to indicate not, not fully or not yet.

It is true that organisations continue to invest heavily in ‘developing human capital’. The implicit idea behind this is that awareness and training always deliver some kind of value, with no need to prove it. Employee satisfaction was considered enough. This is no longer the case.

Business Leaders now demand return-on-investment forecasts for the projects that they have to choose between, and Security Awareness and Training are no exception. Evaluating and demonstrating their value is now a business imperative.



Research into Employee Security Awareness presents uncomfortable reading:

  • It is a well-accepted statistic that 35% of all security-related incidents are caused by people.
  • 75% of Information Security Forum Members have an ongoing awareness programme, yet only 15% reported that they had reached the heightened level of awareness and positive behaviours that they are striving for.
  • 52% don’t define the target behaviours they want, and of the ones that do, only a proportion go on to measure whether they achieved them.
  • 50% don’t set a baseline from which to measure any improvement.
  • Over a quarter of Security Awareness programmes do not aim their awareness activities at reducing the frequency and magnitude of incidents.


How Can ITSecurity.Org Help?

ITSecurity.Org have decades of experience across a wide variety of Information Security, Risk Management and Compliance disciplines. ITSecurity.Org have experience in some of the most challenging environments as well as in some world-class ones. This breadth of experience means that we can bring Security Awareness best practices into your organisation quickly and effectively.

We believe that we have produced one of the most comprehensive Security Awareness Programmes anywhere in the world.



Implementing An Enterprise Security Awareness Programme

Businesses wishing to develop a Security Awareness Programme should realise that just sending out an email or putting up a poster is not really going to work. A Security Awareness Programme is just that: a programme. It needs to be planned as thoroughly and as robustly as a Communications or Marketing programme. After all, that is what it is.

We have worked out the Where, When, How, What, Who and Why for you.

We are able to build the very best Security Awareness Programme for you because its principles are drawn from world-class Information Security authorities. We have the Marketing and Communications resource and experience to help you deliver your Security Awareness communications.

The Security Awareness Programme builds on itself and can be tailored just for your organisational needs.

We can advise you, based upon your risk assessments, which Security Awareness Topics should be delivered first and how the messages should be consolidated.


Communication Channels

We have all of the designed content available to deliver through any or all of these communication channels.

Email, Banners, Posters, SMS, Balloons, Leaflets, Online Tools, Formal Training, Podcasts, Rich Pictures, Roadshows, Social Networking, Targeted Tests, Workshops, Consultancies, Conference Call Briefings, Team Leader And Manager Packs, Supporting Documentation, Games


Security Awareness Topics

We have all of the designed content available to deliver through any or all of these communication channels.

A New Way Of Working, Acceptable User Policy, Access Control, Be Careful With Information, Be Security Smart, Bring Your Own Device, CBTs Completed, Clear Desk Screen And Office, Confidentiality, Cyber Security, Data Breaches, Data Classification, Data Disposal, Data Handling Guide, Data Loss Prevention, Data Protection, Data Protection Act, Data Transfer, Data Leakage, Electronic Communications, Email and Instant Messaging, Employee Breaches, Encryption, Enterprise Risk Management, Entry Control, Events and Incidents what’s the difference, Financial Services Authority, Fraud, GDPR, Hacked, HIPAA, How Is Information Classified, How To Keep Security In Mind, Human Resource Advice Employee Breaches, Identity Badges, Identity Theft, Incident Reporting, Information Access, Information Classification, Information Governance, Information Security, Information Security Governance, Insider Dealing, Insider Threat, Insider Threat Management, Integrated Managed Security Services, Internet Security, Introduction To Information Security, Intrusion Detection, Intrusion Prevention, ISO27001, IT Governance, ITSecurity, Laptops, Lost Client Services, Malware, Mandate Fraud, Mandated CBTs, Media Guidelines, Mobile Application Security, Mobile Device, Mobile Devices, Operational Security, Password Security, PCI-DSS, People, Phishing, Physical Security, Policies And Standards, Privacy, Ransomware, Risk Assurance, Risk Management, Sarbanes-Oxley, Secure Email, Security Awareness And Training, Security Awareness Library, Security Champions, Security Incident Reporting, Security Out Of The Office, Security Procedures, Security Responsibilities for Colleagues, Security Training, Site Security, Social Engineering, Social Media for Personal Use Policy, Social Networking, Standards Compliance, Telecommunications Security, Third Party Assurance, Visitor Security, What is Information Security and Why Does It Matter, Working In Public Spaces, Working In The Cloud, Working Securely Outside Of The Office, You Are The Target, Your Security Responsibilities