Security Awareness Program Design and Implementation
ScottMadden developed requirements, selected a security awareness vendor based on leading practices, and established a leading practices program.
Utility Peer Group Discovery
- Polled and interviewed utility peer groups to assess information and habits of utilities in similar industry niches.
Established Standards
- Evaluated existing processes and developed recommendations based on business requirements and industry best practices.
Staff Education
- Conducted workshops to support security awareness program development, focusing on training program requirements to communicate workplace standards.
Challenge
A large U.S. energy company struggled with ensuring their employee population knew their security risks. The security organization needed a way to reach out to all employees meaningfully to break through the noise and establish a culture of security awareness.
Process
- Interviewed key stakeholders to understand their current efforts around security awareness.
- Polled and interviewed the peer group of utilities to provide insight into best practices for security awareness.
- Evaluated client’s current security awareness program against an established best practice.
- Developed awareness training program requirements and workshopped them to understand priorities.
- Conducted workshops with key stakeholders to develop and prioritize solutions and implementation plans.
- Evaluated vendors against requirements and best practices to determine the best fit.
- Established programmatic themes and a multichannel approach to security awareness to facilitate a culture of security.
Result
- An enhanced security culture within the organization.
- Creation of a new security awareness program with multichannel marketing throughout the enterprise.
- A security awareness program development roadmap addressing identified gaps and improving information security awareness.
Related Insights
Effective Change Management for Government Contractors
Case Study
ScottMadden led the change management planning and execution for the rollout of an out-of-the-box program management tool.
Information Security Program Development
Case Study
ScottMadden developed, documented, and supported the implementation of a multidivisional information security program for a specialized utility service provider.
Cybersecurity Risk-Based Business Plan
Case Study
ScottMadden supported the preparation and planning of a cybersecurity framework and effectively communicated with multiple stakeholder groups the benefits the business could expect to see.
Let’s Work Together
We don’t solve problems with canned methodologies; we help you solve the right problem in the right way. Our experience ensures that the solution works for you.