Building an Awareness Program
User awareness is part of the administrative foundation of a secure information processing environment. It is through an effective awareness program that a desire to meet policy objectives becomes part of your organization's culture.
The first step in building an awareness program is to understand the differences in the way each area of the business perceives policies and objectives. One of the easiest ways to accomplish this is the creation of a cross-functional awareness team. The assimilation of different perspectives provides insights into the best way to design awareness materials.
An awareness message should be short and to the point. The content of the message, whether delivered electronically or by some hard copy method, should address personal as well as organizational concerns. This makes the message more meaningful to individual users. An example of this approach, the "Did you know..." format, is depicted in Figure 1.
In this example, the message includes information relevant to the users' use of the Internet in general. It warns them of the possible problems associated with not practicing care when responding to messages. It also uses a short reference to the existence of a company policy related to this issue. By making users aware of personal as well as business risk, there's a better chance they'll remember the awareness message you're delivering.
There are other ways to deliver awareness messages. Table tent cards in the company lunch room, voice mail announcements, and posters are just a few. Be creative. Continuous use of the same old delivery methods might result in employee disinterest. The creation of unique delivery methods may not always be necessary. Review the general training and awareness programs that exist in your organization today. These might include,
- New employee training
- Infrastructure training for new network engineers
- Application training for specific system users
- Operational training for system managers
Building awareness training into each of these processes is an effective way to build user awareness with tools and content appropriate for various audiences.