Safelight’s Security Education Blueprint offers a practical, structured approach to beginning or growing a security education program. At the center of the blueprint is a set of self-assessment questions that measure the people aspect of an organization’s information risk. After responding to the questions, a user receives a custom blueprint for building an education program that matches the organization’s risk profile.
Safelight’s Security Education Blueprint considers five functional groups of employees (general staff, development staff, IT and operations staff, executives and management, and security staff) and defines three program maturity levels for each group. Beyond categorizing staff by their function, the Blueprint acknowledges a more nuanced reality: the behavior of people in the same functional group often represents different levels of risk. Thus, the Blueprint makes specific recommendations for low-, moderate- and high-risk employees within each staff group.
"The Blueprint originated from our work with clients and our fundamental belief that organizations should train and equip every employee to protect information," said Cheyne. "As with any information security initiative, education programs should be risk-based. A successful program, one that sustainably shifts the way employees think about the value of information and their role in protecting it, is built with a clear understanding of how employees interact with information in their everyday work."
RSA Conference 2011 San Francisco, Calif. February 14-18, 2011