Security Awareness Strategy and Execution

An educated and empowered staff is a critical front line in mitigating cyber security risks.

Background

Repeated analyses reveal that a significant number of data breaches and cyber security incidents are the result of human behaviours, be it staff clicking on phishing emails, poor password practices or negligent handling of data.

Security awareness programs are a fundamental part of mature organisations' cyber security strategies, and are integral parts of respected security frameworks (e.g. NIST Cyber Security Framework).

Our role

Our client for this engagement is a market-leading brand which prides itself on being at the forefront of digital innovation.

We developed a comprehensive, risk-aligned security awareness strategy to build staff resilience to cyber security threats, and create the foundations for a positive security culture.

This involved developing and executing a communications and education plan, developing a phishing simulation strategy in line with best practice approaches, and devising an engagement model between the security awareness team and the rest of the organisation.

The specifics

elevenM developed a program which:

  • Aligned security awareness activities to the organisation's known risks and needs
  • Set out a communications program with both strategic and tactical outcomes
  • Designed a training and education program targeting all staff and targeted groups, delivered online and in face-to-face formats
  • Designed processes and revised accountabilities to optimise the security awareness team’s operations.