Step 4: Identifying Solutions to Facilitate Behavioral Change
The Security Awareness Cycle
The fourth step in the Security Awareness Cycle is to identify solutions to mitigate the risks or to facilitate a behavioral change. This is where you need to decide how you want to handle the risks identified in the previous steps. These solutions would typically take shape as either a policy, procedure, or guideline. In some cases, however, it might even take shape as a hardware implementation or as a software deployment. Password Management software, for instance, is a prime example of a software solution that may be necessary in order to handle the high-risk behavior of storing passwords on Post-It® notes or digitally in clear-text within text files, unencrypted spreadsheets, or within Outlook itself as notes or contact entries.
Step 5: Creating Security Awareness Material
The fifth step in the Security Awareness Cycle is to create the Security Awareness material, which could take form as email templates, newsletters, posters, screensavers, PowerPoint presentations, and others. The chief purpose of this material is to support the delivery of Security Awareness and training.