Building Awareness: A Guide to Establishing a Successful Information Security Education Program

This seminar will showcase the methodology and results of a multiyear human security risk assessment and security awareness initiative at Michigan Technological University. Attendees will discuss the risk assessment system, metrics, and scoring used to identify specific training needs by the individual, department, and division to uncover high-risk behavior and to direct training and auditing where they are needed most. Multiyear data trends, combined with organizational structure data and training metrics, are used to measure the actual impact of awareness training. This process continues, and it is used to focus security resources based on institutional risk, rather than rumor, and to help calculate the business value of security awareness programs and other security initiatives and programs.