3½-page generic policy on information security awareness and training.
This policy specifies an information security awareness and training program to inform and motivate all workers regarding their information risk, security, privacy and related obligations.
If security awareness and training don't seem terribly important to your management, consider the alternative: an ignorant, careless and non-compliant workforce is a liability. They will cut corners and ignore instructions without regard to the consequences for the organization and third parties who may be impacted (e.g. customers whose privacy is violated). If managers and professional specialists are equally in the dark, don't be surprised if information risk and security is widely disregarded throughout the corporation, leading to an excess of incidents and avoidable costs.
[Hint: security-aware managers understand the need for, and value of, policies and good practices. Management-level awareness is an excellent place to start!]
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Infosec awareness and training policy
Template policy on security awareness
See also the security policies on:
- Information governance
- Information risk management
- Information classification
- Incident reporting
- Business Continuity Management (BCM)