It is necessary to have an understanding of the current security culture, and to then develop initiatives to reach a target state. However, it is also critical to understand your end-user groups and the different risks that they can pose. This phase will take you through the following activities:
- Build a development plan.
- Identify metrics for measuring the program.
- Identify user groups and their corresponding topics.
Use this phase as part of the full blueprint, Develop a Security Awareness and Training Program That Empowers End Users.