How to build a cybersecurity awareness program


These are notes from a toastmaster meeting.

How many licks to get to the center of security awareness? 5 stages.
1) Human survey
2) Compliance based
3) Growth/behavior change
4) Long term sustainment
5) Metrics
#1. The most important thing to do first is to get executives involved. Without visibility, you won't be successful. They give you a budget and sign checks. Individuals identify attacks and avoid the breach as long as possible.
#2. Regulatory requirement. Every program is regulated and compliance based. The government is making sure we do our jobs. IT Industry Standard, GDPR, Education, Financial, Government, Frameworks, Healthcare, Industrial controls.
#3. Growth or behavior change. Build a culture of cybersecurity awareness. Know what phishing, malware, worms, etc. are. Weird things happening to the computer. IT will know signs of attacks. Cybersecurity should be part of the business. It will be more successful if integrated. We can't know about the incident if people don't report it.
#4. Long term sustainment. Culture of cybersecurity awareness. Work with the executive team and find key people in an organization to help the program.
#5. Metrics to track progress and measure impact. You have to do this for compliance, and you want to show an auditor that you are meeting regulatory requirements. If you don't have a budget to roll out the program (IT guy), you can ask for help and use YouTube, AARP, SANS, DHS, Stop. Think. Connect., KnowBe4.
5 stages of a good cybersecurity awareness program. Human survey, compliance-based, growth/behavior change, long term sustainment, metrics. Not going to happen overnight. Could take 3-5 years to implement.

Do you have something to add? If you do, please share in the comment section of this blog.

About Melva Gifford

Melva is an author and storyteller.