Security awareness is a method of education to train your workforce about a variety of security threats and your company’s policies and procedures for addressing them.
About the Standard
Security is everyone’s responsibility, yet employees may not understand how to protect themselves and support security measures in the workplace. An effective security awareness program can help.
Security program objectives supporting the overall security culture should be communicated through awareness and training activities in an organized and consistent manner. The best programs begin by evaluating security risk based on an organization’s unique operational environment and implementing relevant policies and procedures.
Security awareness content should always align with the organization’s mission, vision, and core values. Some valuable topics to cover include the organization’s code of conduct; personnel security policies; bullying and harassment; workplace violence warning signs and prevention; travel security; access control; emergency procedures; and IT security, including password management, social engineering, scams, phishing, and other online threats.
The organization should make program content portable and deployable across the enterprise. Content should be delivered through a variety of methods, including written (memos, fact sheets, posters); verbal (meetings, online training); and hands-on (simulations, exercises, contests). The organization should establish metrics to measure its security awareness program and continuously strive to improve it.
What does it cover?
- Top management support of awareness program objectives;
- Guidance in understanding the role and importance of security policies and procedures, and promoting enterprisewide compliance with those policies and procedures;
- Recommendations for awareness, training, program content, and delivery methods;
- Guidance to help influence or modify individual or collective attitudes and behaviors; and
- Guidance to help maintain, measure, evaluate, and continuously improve the security awareness program.
Related Content
Natural Disasters: When an Organization is Most Vulnerable
Speakers will walk through assessments that can be conducted, as well as preparedness, mitigation and business continuity activities that can be developed and implemented to best address times when natural disaster incidents impact our organizations.
Understanding and Mitigating Complex Coordinated Terrorist Attacks
This presentation seeks to refocus attention on CCTA for security professionals and upper-level management. It provides a definition but, more critically, discusses how and why terrorist groups use them and which risk and crisis management strategies are effective.
Introductory Webinar on NEW ASIS International Standard on Security Awareness
This free webinar, recorded in 2020, explores the Security Awareness ANSI Standard developed jointly by ASIS International and the International Information Systems Security Certification Consortium (ISC2). It provides an overview of the standard’s content, which will assist organizations in creating and maintaining an effective security awareness posture as part of an enterprise security risk management program.
Advancing Your Security Career E-Book
This collection of articles from the security profession’s premier publication, Security Management, examines the possibilities of career advancement and the skills needed to move forward.
Staying Safe by Juval Aviv
Juval Aviv, a counterterrorism expert and international security consultant, outlines the essential tools for becoming personally responsible for the security and safety of yourself and your loved ones.
Security Awareness Program Policy Template
This template policy aligns with the ASIS Security Awareness Standard and aims to demonstrate an organization’s commitment to the development and maintenance of a security awareness program.