Run Cyber Security Awareness Campaign like a marketer
As absurd it may sound, a successful cyber security awareness campaign need to be run like a marketing campaign. Here is a high level roadmap I briefly put together.
a. understand the culture context, general awareness level. For example, how has general media - Herald Sun, The Age or Facebook helped building the awareness of privacy and security via publishing identity theft and data breach stories;
b. understand you industry you are in and the common critical assets, think credit card data, health records and PII.
c. understand your audiences. segment them by job functions, tailor the content for them and position whether you like to raise general awareness or target a specific topic (e.g., whaling, if your audiences are executives)
a. build the contents based on analysis above think about incentives for your audiences, e.g., gamification;
b. select appropriate channels to drive the content, e.g, email, e-learning, quiz, questionnaire, mock phishing or social engineering.
a. develop metrics to measure the effectiveness
b. capture the findings from the campaign and use them to support and input into your cyber security program.