This may be a cry for help rather than a question. I need information on creating
a security awareness program for my company. Is there a good book I can get that will walk me
through the process of creating an awareness program?
- Building an information security awareness program, by Mark B. Desman
- Security awareness in the 1990s: Feature articles from the Security Awareness Bulletin, by Lynn F. Fischer
- Information security management handbook, Harold F. Tipton (Editor), Micki Krause (Editor). (An excellent overall resource with section chapters on security awareness.)
- Information security best practices: 200 Basic Rules, by George L. Stefanek Jon Varteresian
I would also suggest some excellent FREE information. NIST has two documents: 800-16 Information technology security training requirements: A role- and performance-based model, April 1998; and 800-18 Guide for developing security plans for information technology systems, December 1998. Both can be found on the Web.
If you are also looking for CDs and videos, the DOD has several. (They were free about a year ago, but check before you order!) The overview page for the media can be found at http://iase.disa.mil/eta/ProductDes.pdf.
This was first published in May 2002