Security Awareness for Dummies by Winkler Ira;

Author:Winkler, Ira; [Winkler, Ira]
Language: eng
Format: epub
Publisher: John Wiley & Sons, Incorporated
Published: 2022-04-01T00:00:00+00:00

Gaining Support from Management

Though many awareness managers have the true support of their management and their management believes in the value of a well-implemented security awareness program, many awareness programs, unfortunately, are considered Check-the-Box efforts. Management authorizes and funds the program like it’s in place only to satisfy external requirements. If you’re reading this book, you clearly believe otherwise, as do I. Whether or not your management team believes in the true value of your efforts, this section intends to gain you as much support as possible.

Perhaps the greatest indicator of the likely success or failure of your program is the level of senior management support you have for it. If senior management supports your efforts, you will get the support from the departments you need. You’re more likely to get a reasonable budget. You’re more likely to get management to ensure that users spend the required time on your training and other efforts. Though you can’t expect to get everything, it’s a big start.

If you’re lucky, your senior managers see security awareness for the actual value and understand that the awareness program is a critical risk-reduction tool. Sometimes, awareness is a pet project of management. Management may support your efforts for a variety of reasons.

You should go to management with a clearly defined plan, but be aware that this support might be limited or burdened by preconceived notions. For example, some managers might state that they think awareness is critical, but believe that awareness is specifically CBT and that phishing simulations and other efforts are not necessarily. Some executives might have heard a speaker they like and then want you to spend a large portion of your budget on bringing in that speaker. So, despite some support, you might have to fight for efforts you find more critical.

Assuming that you lack full management support of your efforts, it’s worth the effort to try to increase the level of support. As I mention earlier in this chapter, you might want to increase your budget — and management support can provide that increase. Even if you’re satisfied with your budget, you need to ensure that you can gain the support of the other departments, as well as the guarantees that users will be required to devote the relevant length of time to your efforts. As I mention in the discussion of the hidden costs of awareness programs, the length of time required for the awareness efforts on the part of the users is the most costly aspect of your program.

This is one aspect of culture where you definitely need to understand the organizational culture and business drivers, to ensure that you can improve the security culture. You need to understand what will allow you to obtain and keep that support. This might include any preferences or hot button issues that will attract support. The more you understand what motivates your management to support any effort, the more likely you’ll know how to gain that support for your efforts, so do your research.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.