It is necessary to have an understanding of the current security culture and to then develop initiatives to reach a target state. However, it is also critical to understand your end-user groups and the different risks that they can pose. This phase will take you through the following activities:
- Select your executive champion.
- Evaluate end users’ current knowledge.
- Identify user groups and their corresponding topics.
- Assess the maturity of the current program and set a target state.
- Set a minimum security awareness for end users.
Use this phase as part of the full blueprint, Humanize the Security Awareness and Training Program.