Elevating Security Awareness

Increasing the Relevance and Scalability of End-User Education

Topics: Information Technology, Information Security, IT Governance, Data Management

Implementation Resources

In this section, we've outlined common IT security challenges that institutions face, along with the security need and resource to help address and solve the problem.

Download all resources


IT Security Challenges

Checklist 1. IT is not using metrics to track or evaluate our awareness efforts, and we're not sure what to measure

Security need: Metrics for awareness
Resource: Security Awareness KPI Compendium


 2. If a breach happened today, we aren’t sure who would be in charge of escalation and communication; we aren’t prepared

Security need: Breach response roles
Resource: Incident Manager Role Template


 3. Boards and executives are uninformed about cyber risks or too worried; we need a balanced reaction from leaders to guide strategy

Security need: Pass-through education documents
Resource: Board Education Memo Template


 4. IT struggles with vulnerability education for department leadership, and establishing security controls benchmarks for remediation is too difficult to do campus-wide

Security need: Department leadership engagement tools
Resources: Risk Framework for Department Education and Department Security Scorecard Template


 5. We think self-phishing is a great way to show campus why security matters, but we are worried about pushback from end users

Security need: Self-phishing support documents
Resource: Self-Phishing Pre-Wire Template


 6. We’re not sure where to start with policy development for cyber risk mitigation

Security need: Draft policy language
Resource: Cyber Risk Mitigation Policy Language

Incentivizing Secure Practices