ENISA publishes updated awareness guide

The European Network and Information Security Agency, i.e. the EU Agency ENISA’s Guide to best practices in Awareness Raising is one of the Agency’s most highly appreciated reports.

Two years later, ENISA is now re-launching an expanded and updated guide which is pointing out both key factors for successful awareness raising, as well obstacles, and practical advice on how to overcome them. It contains four new major improvements: a new visualized process modeling, it identifies Key Performance Indicators for success, presents 6 case studies, as well as provides a new toolbox of 11 templates/samples from across Europe.

The first improvement of the Guide is the new visualization of the process of organising an Awareness Raising initiative. The guide analyzes the key, critical steps necessary to “kick-start’, plan, organise and run successful awareness raising initiatives: plan, assess and design, execute, evaluate and adjust.

The guide identifies the key components: defining the goals and objectives of awareness initiatives; defining target groups; developing a communication plan; measuring success, and finally, to adopt a change management approach, as being crucial for success.

The second improvement is the identification of Key Performance Indicators (KPIs); to assess the effectiveness of awareness programmes. The third improvement is the addition of concrete case studies and experiences from other organisations dealing with different awareness matters. The fourth improvement is a more complete toolbox of 11 different templates/samples e.g., a ‘lessons learned’ template, an awareness baseline worksheet, an awareness questionnaire and a target group data capture form.

The new, updated and expanded “User’s Guide: How to raise information security awareness” is available here.