Build a Security Awareness and Training Program

Your weakest link is between the keyboard and the chair.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Security threats and exploits continue to be on the rise in the form of advanced persistent threats (APTs) and other unique attack types.
  • APTs and attackers are looking to go after the weakest link within your organization – the people.
  • Whether it is a lack of knowledge or a disregard for security, your end users are either the intentional or unintentional cause of security threats for your organization.

Our Advice

Critical Insight

  • Even with extremely robust security controls, your end users will continue to be one of the weakest links.
  • To change the behaviors of your employees, make them invested in organizational security through positive reinforcement.

Impact and Result

  • Focus on increasing employees’ knowledge within the training but actively going beyond to change their behavior by making them all security aware.
  • Go beyond the standard classroom style learning that is expected of training – use new teaching methods and positive reinforcement to ensure that your end users become more security aware.
  • Use Info-Tech’s blueprint and methodology to craft a program that will engage your audiences and employees, while ensuring to review important security-related topics.

Build a Security Awareness and Training Program

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a security awareness and training program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.


Determine the appropriateness

Make the case for a security awareness and training program while reviewing the appropriateness for the organization.


Identify the content

Identify which topics need to be communicated to staff by reviewing security policies.

Onsite Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Determine Your Security Awareness and Training Program Appropriateness

The Purpose

  • Identify your organization’s rationale for building an awareness and training program and articulate this in terms of appropriateness.
  • Build project support through documented benefits and objectives.
  • Determine what the business thinks of security.

Key Benefits Achieved

  • Identified contributing factors towards developing a security awareness and training program.
  • Gained program support.
  • Understanding of what the business thinks of security.



Assess your program appropriateness.

  • Defined program rationale and appropriateness


Document your need for a program.


Define your benefits and objectives for a program.


Gain an executive champion.

  • Executive Champion


Measure the business satisfaction with security.

  • Determined current business satisfaction with security

Module 2: Identify Your Content for Your Program

The Purpose

  • Evaluate your existing security policy suite as a basis for your awareness and training program.
  • Identify any missing security policies needed to provide a foundation and credibility to your program.
  • Identify any unique security topics that need to be addressed. 

Key Benefits Achieved

  • Developed a complete security policy suite to support your program.
  • Prioritized security topics to be trained on. 



Identify existing security topics and policies.

  • Identified and prioritized security policies and topics to be covered in the program


Identify missing security policies.


Identify unique security topics.


Prioritize your security topics.

Module 3: Determine How to Execute Your Plan

The Purpose

  • Develop program governing structures to ensure efficient program creation and maintenance.
  • Identify what your target state for security awareness and training is.
  • Identify and customize multiple communication methods for your program. 

Key Benefits Achieved

  • Effective program governance.
  • Defined program purpose.
  • Identified current and target state of end-user security awareness levels.
  • Customized communication methods that are unique to your organization’s needs. 



Develop program governance.

  • Project Charter


Perform a current state assessment of your end users.


Determine your target state.

  • Identified target state


Develop your communication methods.

  • Customized communication methods

Module 4: Implement Your Program

The Purpose

  • Implement the program in a controlled agile methodology.

Key Benefits Achieved

  • Effective rollout of security awareness program.
  • Identify potential issues early on. 



Create an implementation timeline.

  • Implementation timeline


Run a pilot program.

  • Pilot program


Develop a review and update process.

  • Completed planning

Search Code: 76236
Published: October 20, 2014
Last Revised: June 5, 2015