Advertisement

Setting up an Effective Information Security Awareness Programme

  • Dirk De Maeyer

Abstract

The security group of a large insurance company in Belgium wanted to set-up and conduct a successful security awareness programme for all employees. Before designing the programme, the group performed field research (including discussing with security peers) into what constitutes a successful awareness programme. The security group also made an inventory of available awareness material, both internally (within the company and the group to which the company belongs) and externally. Based on the various input received a conceptual approach for an effective security awareness programme was drafted on which the insurance information security awareness programme was built. Measuring the results of the programme proved that the approach was effective.

Keywords

Information Security Awareness Campaign Awareness Programme Security Group Security Incident 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. The Standard of Good Practice, Information Security Forum, January 2005, http://www.isfsecuritystandard.com/ pdf/standard.pdfGoogle Scholar
  2. awareness.phpGoogle Scholar
  3. National Institute of Standards and Technology Special Publication 800-16, Information Technology Security Training Requirements: A Role-and Performance-Based Model, April 1998.Google Scholar
  4. National Institute of Standards and Technology Special Publication 800-50, Building an Information Technology Security Awareness and Training Program, October 2003.Google Scholar
  5. National Institute of Standards and Technology Special Publication 800-55, Security Metrics Guide for Information Technology Systems, July 2003Google Scholar
  6. National Institute of Standards and Technology Special Publication 800-100, Information Security Handbook: A Guide for Managers, October 2006Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Dirk De Maeyer

There are no affiliations available

Personalised recommendations