Security Awareness Planning

Security Awareness Planning

One of the greatest challenges facing organizations in building a security awareness program is where to start, how do you plan, develop, deploy and maintain an effective awareness program? Here you will find various resources to help you plan and maintain an awareness program that is not only compliant, but engages your employees and focuses on reducing risk by changing their behaviors. These resources are developed for the community and unless otherwise stated are distributed under the Creative Commons BY-NC-SA 4.0 license. Please send any feedback on how to improve these resources to

Security Awareness Planning Kit

This package provides the resources you need to plan, build and maintain a high-impact awareness program. Materials include policy templates, awareness surveys, compliance requirements, draft execution plan, and email templates. These materials are based on and follow the Security Awareness Roadmap.

Phishing Planning Kit

This package provides step-by-step instructions on how to plan an effective phishing program that your employees like. Learn from the lessons of others on how to ensure your phishing program is a success.

Security Awareness Roadmap

This Roadmap provides a single resource for you to map the maturity level of your awareness program is, determine where you want to take it, and detailed step-by-step instructions how to get there.

Awareness Program Communication Examples

Examples of different types of emails that may be used in communicating and coordinating your security awareness program.

Hardening The HumanOS

This short paper is written for the technical security community. The paper explains in common security technical terms how people are nothing more than another operating system, and as an operating system how they can be secured.

MGT433 - Building High-Impact Awareness Programs

This two day class covers how to plan, build, deploy and maintain a high-impact security awareness program. The course covers everything from strategic planning and execution to budgeting, metrics and reporting. In addition, during the class you will develop your own customized awareness program and execution plan which you can use the day you get back to the office. You can attend this class at SANS events, take it online through OnDemand, or attend virtually through Simulcast. Learn more and sign up here.