About the awareness topics
There are lots of aspects relevant to information risk and security, meaning plenty of areas for your ISMS and awareness and training program to cover.
Rather than confusing people by attempting to cover everything at once, we recommend focusing on specific areas, one at a time. Pick a topic, introduce it, explain and expand on it, bring it to life and make it real. Educate and motivate your audiences, giving them them the chance to soak it up, discuss it among themselves and take it in ... before moving on to the next topic. Lather, rinse, repeat.
Start the sequence and launch your awareness program with the SecAware Information Security 101 module, bringing everybody quickly up to speed on the basics. After that, it's up to you what topics to cover, when and how.
We offer materials on a deliberately wide range of information risk, security and related topics. In addition to the obvious areas such as phishing, passwords and viruses, we're not afraid to delve into the concepts and principles of information risk management, incident management, business continuity management and more. The SecAware materials confidently tackle difficult issues such as hacking, insider threats, cybersecurity and Internet security, and take on sensitive topics such as BYOD and privacy. Focusing on each topic individually means scratching beneath the surface, describing the issues and explaining the concerns. People are more willing to behave securely and uphold the controls if they understand why they are needed and what they are intended to achieve.
We recommend regularising security awareness activities, with periodic updates ("refresher training") several times a year. This is a dynamic field so don't leave it too long between updates: new threats are emerging, new vulnerabilities are discovered and the organization's use and dependence on information is constantly evolving. As your existing content becomes out of date, it loses its relevance, interest, impact and value. Don't let it go stale like a moldy old loaf. Keep it fresh. Keep it SecAware.