Resources: Planning Your Awareness Program


Once you've gained the necessary internal support, the next step is deciding how to develop, deploy, and maintain an effective awareness campaign. These resources are developed for the community and unless otherwise stated are distributed under the Creative Commons BY-NC-SA 4.0 license. Please send any feedback on how to improve these resources to

Making Awareness Stick

One of the most common, long-term challenges faced by any awareness program is getting it to stick. How do you create an engaging program that people want to listen to, teaches them more, and ultimately changes behaviors? In this talk we explain what organizations are effectively doing around the world to emotionally engage and communicate to their employees. Key points you will learn include behavior modeling, defining culture, developing an engagement strategy, communication methods and ambassador programs.

Security Awareness Planning Kit

This package provides the resources you need to plan, build and maintain a high-impact awareness program. Materials include policy templates, awareness surveys, compliance requirements, draft execution plan, and email templates. The materials are based on SANS MGT433 two-day course, Securing The Human, to include all the labs handed out in the class

Phishing Planning Kit

This package provides step-by-step instructions on how to plan an effective phishing program that your employees like. Learn from the lessons of others on how to ensure your phishing program is a success.

Awareness Program Communication Examples

Examples of different types of emails that may be used in communicating and coordinating your security awareness program.

MGT433: Building High-Impact Awareness Programs

This two day class covers how to plan, build, deploy and maintain a high-impact security awareness program. The course covers everything from strategic planning and execution to budgeting, metrics and reporting. In addition, during the class you will develop your own customized awareness program and execution plan which you can use the day you get back to the office. You can attend this class at SANS events, take it online through OnDemand, or attend virtually through Simulcast. Learn more and sign up here.