
Security Awareness Standard

Security awareness is a method of education to train your workforce about a variety of security threats and your company’s policies and procedures for addressing them.

Purchase the Softcover

ASIS members can enjoy a 50% discount off the list price. This Standard is also available as an eBook.

Purchase the eBook

Take advantage of the Security Awareness Standard's valuable content anytime, anywhere with the Security Awareness eBook.

Standards & Guidelines eBooks are free to ASIS Members.

About the Standard

Security is everyone’s responsibility, yet employees may not understand how to protect themselves and support security measures in the workplace. An effective security awareness program can help.

Security program objectives supporting the overall security culture should be communicated through awareness and training activities in an organized and consistent method. The best programs begin by evaluating security risk based on an organization’s unique operational environment and implementing relevant policies and procedures.

Security awareness content should always align with the organization’s mission, vision, and core values. Some valuable topics to cover include the organization’s code of conduct; personnel security policies; bullying and harassment; workplace violence warning signs and prevention; travel security; access control; emergency procedures; and IT security, including password management, social engineering, scams, phishing, and other online threats.

The organization should leverage program content to be portable and deployable across the enterprise. Content should be delivered through a variety of methods, including written (memos, fact sheets, posters); verbal (meetings, online training); and hands-on (simulations, exercises, contests). The organization should establish metrics to measure its security awareness program and continuously strive to improve it.

What does it cover?

This Standard provides guidance to help organizations establish, implement, and communicate a security awareness program. It offers general principles, guidance, and examples to assist organizations in creating and maintaining an effective security awareness posture as part of an enterprise security risk management program. The framework in this Standard is applicable to organizations of all sizes and types, regardless of industry or sector (private/public), that wish to obtain:
  • Top management support of awareness program objectives;

  • Guidance in understanding the role and importance of security policies and procedures, and promoting enterprisewide compliance with those policies and procedures;

  • Recommendations for awareness, training, program content, and delivery methods;

  • Guidance to help influence or modify individual or collective attitudes and behaviors; and

  • Guidance to help maintain, measure, evaluate, and continuously improve the security awareness program.

Related Content

Natural Disasters: When an Organization is Most Vulnerable

Speakers will walk through assessments that can be conducted, as well as preparedness, mitigation and business continuity activities that can be developed and implemented to best address times when natural disaster incidents impact our organizations.

Register for the Webinar


Security Risk Assessment Certificate
This self-paced, online course provides an overview of the risk assessment process and explains how to collect data, conduct a site survey, and evaluate countermeasures.

Download the E-Book

