Enisa releases information security awareness guide
Practical advice for EU member states to improve information security
The European Network Information and Security Agency (Enisa) has published an information security awareness raising guide for small to medium businesses across its member states.
The guide features step-by-step practical advice on how to kick-start planning, organising and running information security awareness raising campaigns, including a series of steps and recommendations.
‘I think we have said it loud and clear we never miss any opportunity to meet very high ranking officials in the relevant ministries, institutions and industry and we tell them clearly that investment in security does not provide a visible return on the investment but it protects the lives of its citizens,’ said Andrea Pirotti, executive director of Enisa.
‘It cannot be postponed any longer, if people don’t fix the weak links in the chain of information security, the infrastructure would be exposed to interference and attacks – medium size companies would be the worst affected,’ said Pirotti.
‘The guide will be a powerful tool for the European Union and its member states to prepare and implement awareness raising initiatives.’ Enisa collected best practices from the better-equipped member states and combined them with its own recommendations for the guide.
The guide outlines recommendations for success, including that a communication strategy is central to any awareness programme and should be aligned with target group needs.
It also highlights the importance of measuring the value of awareness programmes and outlines how campaign evaluation is essential for understanding effectiveness and making adjustments.
The four main categories identified in the guide against which to measure security awareness are process improvement, attack resistance, efficiency and effectiveness, and internal protections.