Building an Information Security Awareness Program

1st Edition

By Mark B. Desman

Auerbach Publications

272 pages | 50 B/W Illus.

Paperback: 9780849301162
pub: 2001-10-30
Hardback: 9781138436985
pub: 2017-07-27
eBook (VitalSource): 9780429120800
pub: 2001-10-30


In his latest book, a pre-eminent information security pundit confessed that he was wrong about the solutions to the problem of information security. It's not technology that's the solution, but the human factor: people. But even infosec policies and procedures are insufficient if employees don't know about them, or why they're important, or what can happen to them if they ignore them. The key, of course, is continuous awareness of the problems and the solutions.

Building an Information Security Awareness Program addresses these concerns. A reference and self-study guide, it goes step-by-step through the methodology for developing, distributing, and monitoring an information security awareness program. It includes detailed instructions on determining what media to use and where to locate it, and it describes how to efficiently use outside sources to optimize the output of a small staff. The author stresses the importance of security and the entire organization's role and responsibility in protecting it. He presents the material in a fashion that makes it easy for nontechnical staff members to grasp the concepts. These attributes render Building an Information Security Awareness Program an immensely valuable reference in the arsenal of the IS professional.

Table of Contents


Reviewing the Provisions the Company Now Has in Place

Learning the Players - Where the Power Resides

Learning the Corporate Culture - What Can Work Here, What Cannot

Obtaining Management Buyoff - How to Present the Case

Finding Communications Vehicles Currently in Place


Review All Company Policies, Procedures, Standards, Guidelines That Even Remotely Address Information Security Issues

Identifying What Can Be Updated

Identify Documentation Needed

Prepare Documentation

Prepare Forms

Obtain Management Support for Documents - The Seal of Approval



The Media Available Through the Company

New Technology (Video Taping, Streaming Video, Etc.)

Class or Presentation Design

Inclusion of HR Based Communications

Leveraging Resources

Locating Additional Resources

Placing Your Shots - Getting the Most Bang for Your Buck


Demonstrating the Effectiveness of Your Program

Refreshing Staff Knowledge and Agreements

Use Statistics - Sparingly but Pointedly

Getting Third Party Input

Leveraging Internal Audit

Keeping Up with the Joneses - What Is Happening in the Industry

Updating the Program to Address Changing Needs

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Networking / General
COMPUTERS / Security / General