How to Create an Effective Security Awareness Program


"Social engineering bypasses all technologies, including firewalls." -Kevin Mitnick

Social engineering is often regarded as the most effective and powerful skill used by black-hat hackers and, until recently, it was one of the least addressed cybersecurity issues.
Studies show that 70% of US employees lack basic security and privacy skills (www.darkreading.com). Reports indicate as much as a 37-fold return on investment in security awareness training, but what can we really expect from training employees in security awareness?

This introduction defines security awareness, explains why it is an important skill for all employees, and presents some of the key components of security awareness training and program design. This intro is designed to generate buy-in for the business value inherent in having a good security culture.