~3-page information security policy template on awareness and training.
This policy specifies an information security awareness and training program to inform and motivate all workers regarding their information risk, security, privacy and related obligations.
If security awareness and training seems important to your management, consider the alternative: an ignorant, careless, non-compliant workforce is a liability. Workers fail to appreciate or react to 'obvious' threats, cut corners and ignore instructions without regard to the consequences for the organisation and third parties who may be impacted (e.g. customers or those whose privacy is breached).
If managers and professional specialists are equally in the dark, don't be surprised if information risk and security is widely disregarded throughout the corporation, leading to an excess of incidents and costs ... oh and a shortage of budget for information risk and security management!
Conversely, security-aware managers understand the need for, and value of, policies and good practices. If that sounds attractive, raising management's level of security awareness is an excellent place to start since managers are best placed to influence the corporate security culture as a whole.
Getting professionals on-board with the initiative has numerous advantages since they are closely involved in various aspects of information risk and security management and operations. Even something as simple as prompting an IT network administrator to think twice about the security implications of configuration changes is a win for security awareness.
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Information security awareness and training policy
Information security policy template on security awareness and training
See also the policies on: