There are three major steps in the development of an IT security awareness and training program – designing the program (including the development of the IT security awareness and training program plan), developing the awareness and training material, and implementing the program. Even a small amount of IT security awareness and training can go a long way toward improving the IT security posture of, and vigilance within, an organization.
Awareness and training programs must be designed with the organization mission in mind. It is important that the awareness and training program supports the business needs of the organization and be relevant to the organization’s culture and IT architecture. The most successful programs are those that users feel are relevant to the subject matter and issues presented.
A la Carte:
Hourly Rate -Cost varies (Scope, Industry, Organization size, Complexity)
Determine security goals
Leverage a security framework
Evaluate security strategy