Information security awareness training: Your most valuable countermeasure to employee risk

As the previous chapters stated, social engineering attacks are a very real security threat that individuals as well as companies of all sizes must contend with on a daily basis. One way a company can minimize the risk of falling victim to such an attack is to design and implement an effective Information Security Awareness Program. This chapter explains why such a program is the best low-cost countermeasure for safeguarding sensitive information properly at any company, regardless of size. After highlighting the role of an Information Security Awareness Specialist, the chapter explains in detail the critical steps to implementing a successful Information Security Awareness Program. Among these is the creation and presentation of a business plan, a topic on which the text provides several guidelines. The chapter also delves into the components of an awareness program, and then discusses how to implement the program once the business plan is approved.