Example Proposal. for. Information Security Awareness Programme. (Discussion Draft)

Similar documents
An Approach to Delivering. Professional Coaching Services. For Change

Media Pack NEWS EVENTS COMMENTARY SPECIAL REPORTS JOBS RESOURCES MARKET RESEARCH. placenorthwest.co.uk

Bring Your Own Device Assessment

Creating Articulate and Captivating e-learning Courses

Safety Management Systems (SMS) guidance for organisations

LEVEL 1 CERTIFICATE IN CUSTOMER SERVICE Resources Link

BRIGHTBYTE LTD. TERMS OF BUSINESS

Communications Policy

Investors in People Assessment Report. Presented by Alli Gibbons Investors in People Specialist On behalf of Inspiring Business Performance Limited

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

InItIatIves for IndustrIal Customers employee energy awareness PlannInG GuIde

COMPLIANCE OFFICER. CLOSING DATE: 12 June 2016

Stakeholder Analysis toolkit

BREEAM Communities 2012 Bespoke International Process Guidance Note GN07 August 2014

Hallmarks of Cancer: Asia

Financial and Commercial Services HIRE OF MANAGEMENT IT/IS CONSULTANTS

Chesterfield Borough Council. Internal Communications Strategy. April April 2017.

Communications Strategy

YPS Marketing Services and Promotion

Web CRM Partner Guide

Business Process Management. How to Thrive During the Economic Downturn November 2016, Doha - Qatar ISO 29990

Barn2 Media Terms of Business

General Terms and Conditions. Definitions

Entity Information Management Strategic Review Service Definition. Overview of the service

699 + VAT 2006 Dates-visit LMA Website: SELLING INFORMATION TECHNOLOGY PUBLIC AND IN HOUSE WORKSHOPS

E- learning skills matrix 2010

SOCIAL MEDIA STRATEGY

Financial education and member engagement support

Ideas for an Annual Stewardship Programme

Terms & Conditions for Client Organisations to Open Enrolment Programmes

Performance Management Consultancy

STREAMLINE HR BUSINESS PARTNERING & STRATEGY DEVELOPMENT

Setting SMART Objectives

APPLICATION PACK Project Manager - ecommerce

1.4. Ensuring people and communities know and understand these issues can help build trust and confidence in the Council and improve our reputation.

Consultation and Engagement Strategy

Board report for 31 May 06 Item 8

Strategic Presentation Skills Workshop

Achieving Successful Working Relationships TRAINER GUIDE

Completing the competency based application form

Communications Strategy

PRCA Communications Management Standard (CMS) for In-House Teams

What is benefit in kind tax and how quickly will it be applied to my pay?

Very Creative People Working with us

Community engagement: Developing a strategy

Business Support Services at The Matchworks. www. enterprise.plc.uk

Understanding the links between employer branding and total reward

Quality Indicators Report 2015

REQUEST FOR PROPOSAL. Provision of Content for the Digital Business Academy. Issued by: Tech City UK

Job description. Executive Assistant to the Chair, Medical Director and Manager

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures

Sample Peer Mentoring Handbook

BUSINESS OCR LEVEL 2 CAMBRIDGE TECHNICAL. Cambridge TECHNICALS VERBAL AND NON-VERBAL COMMUNICATION IN BUSINESS CONTEXTS CERTIFICATE/DIPLOMA IN

DECISION MAKERS. Solving Internal Communication Struggles. Let s get Started

Welcome to the HR Network Forum

WEB ON BOARD Terms and Conditions!!

To be used in conjunction with the Invitation to Tender for Consultancy template.

JOB DESCRIPTION. To provide administrative support for all assessment related processes for which Registry are responsible.

Communications Strategy and Department Work Plan

The post holder will be guided by general polices and regulations, but will need to establish the way in which these should be interpreted.

Introductory Level Management Training Programme

Your guide to marketing

A Sales Strategy to Increase Function Bookings

Frequently Asked Questions (FAQ s)

Job Description Strategic Projects Team Leader

Terms and Conditions. Stafford Website Company

Freedom The Studio Pilates International franchise network

Advanced Technical Report Writing & Presentation Skills

Marketing and Campaign Manager Job description

Diploma in Management Level 4

Community Rehabilitation and Support Worker

IMPROVING QUALITY. Quality criteria for global education school visits

Talent Management & Succession Planning Masterclass

PROMOTE YOUR BUSINESS FPFREE PACK GREAT FOR DISCOVERING HOW EUROPAGES WORKS. EUROPAGES

General Dental Council Website Review: Dental Professionals Survey Invitation to Tender

Resource 6 Workplace travel survey guide

The University of Adelaide Business School

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Restructure, Redeployment and Redundancy

University Centre at Blackburn College. Abbreviated Programme Specification Containing Both Core + Supplementary Information

Project Management Assessment Overview

CUFDIG502A Design web environments

Business Insurance Contract Terms and Conditions

Environmental Association for Universities and Colleges (EAUC) EAUC Head Office, University of Gloucestershire, The Park Campus, Cheltenham

Terms & Conditions Supply of Services

THE PROFESSIONAL PASSPORT JOBS NETWORK

Identify appropriate resources for long term, effective communication

How To Make A Contract Between A Client And A Hoster

Gaelic Football & Hurling Association of Australasia PUBLIC RELATIONS OFFICER (PRO)

TERMS OF SUPPLY FOR EDQM (COUNCIL OF EUROPE) EVENTS

Job Description. University of Bristol students creating a world class student life for themselves

CREATIVE STEAM LIMITED TERMS AND CONDITIONS JANUARY 2012

Change Management Certifications:

JOB AND PERSON SPECIFICATION. It has an annual budget of approximately 50 million and currently a staff of approximately 300.

CARIBBEAN TELECOMMUNICATIONS UNION CARIBBEAN REGIONAL COMMUNICATIONS INFRASTRUCTURE PROJECT (CARCIP)

Councillor Roger Bayliss Director of Housing

Project Leader Job Profile

Health and Safety Policy and Procedures

NDC { Oslo } 6-10 June Partner and Sponsorship Opportunities

Conducting A Communications Audit

Transcription:

Example Proposal for Information Security Awareness Programme (Discussion Draft) 1

Contents INTRODUCTION...3 SUMMARY OF TRAINING OBJECTIVES...3 TARGET AUDIENCE...3 THE AWARENESS CYCLE...4 GENERIC AWARENESS PROCESS...5 BENCHMARKING AND OBJECTIVES & BENEFITS ANALYSIS...6 CULTURE & METHODOLOGY ANALYSIS...6 PROGRAMME STRUCTURE DESIGN...7 MATERIALS PRODUCTION...7 TRAINING REQUIREMENTS PLANNING & TIME-TABLING...7 LAUNCH EVENTS...8 LAUNCH FOLLOW-UP SESSIONS...8 SELF STUDY & REINFORCEMENT / PROMOTIONAL...8 REVIEWS...8 COSTS...9 PROJECT MANAGEMENT...9 BENCHMARKING, OBJECTIVES & BENEFITS ANALYSIS,...9 AND CULTURE & METHODOLOGY ANALYSIS...9 PROGRAMME STRUCTURE DESIGN...9 MATERIALS PRODUCTION...9 LAUNCH EVENTS...9 SELF STUDY & REINFORCEMENT / PROMOTIONAL...9 REVIEWS...10 ORDER DISCOUNT...10 TOTAL...10 TERMS & CONDITIONS...11 2

The complexity of an awareness programme makes it impossible to provide costs without consultation although the Mission Possible demonstration disk contains a spreasheet that enables a guide price to be generated by filling in a number of variables. Introduction The proposal is based on x staff within {Company Name} offices in {Location 1} and a further x in {Location 2}. Summary of Training Objectives Whilst Compliance with the Security Code Of Practice is the broad objective of any awareness campaign, the sessions and materials are to be designed to address the key elements of information security, explaining why it is needed and how it relates to the delegates personal responsibilities. Specific objectives: To raise the general level of awareness The allocation of information security responsibility To gain, and maintain, commitment to good information security To re-enforce the Code Of Practice To have a positive impact on the organisational culture To achieve continuing improvement in information security Special attention will also be paid to ensure that the target audience understand that security is not just about addressing viruses and hacking as presented by the media, but covers all aspects of the Confidentiality, Integrity and Availability of {Company Name s} information. Target Audience Management Teams General User Population New Starters IT Functions 3

The Awareness Cycle Development (I ll help enhance it) Awareness (I know it exists) Communication (I ll promote it) Understanding (I know what it is) Commitment (I ll do it) Ownership (I agree with it) Value (I know why it s worthwhile) The objective of any awareness programme is to assist people to move around the awareness cycle in a planned and controlled manner. Not everybody in an organisation needs to progress the whole way around the cycle. As a rule of thumb, everyone should reach the commitment stage. Those with a leadership role or one that has direct relevance to the subject matter should complete the cycle and then continue to revisit it as the subject matter evolves. The awareness programme will address portions of the cycle separately as it is impossible to progress until an element has been achieved. For example, an individual cannot know the value of a subject unless they understand the subject and commitment will not be achieved without ownership, and so on. It will almost certainly require different approaches to each of the elements. Some can be addressed en-mass with poster or newsletter campaigns whilst others will require more traditional training or even something a bit different! 4

Generic Awareness Process Objectives & Benefits Culture & ology Analysis Programme Structure Materials Production Training Requirements Planning Administration Time-tabling Launch Event The Delivery Launch Follow-up Sessions Self-study Traditional Training Promotional Reinforcement Sessions Review 5

Benchmarking and Objectives & Benefits Analysis To enable us to understand the business objectives and benefits of the awareness campaign and to ensure that they are addressed appropriately. To measure the degree of success of the programme. The documentation provided by {Contact Name} states the overall programme objectives but there is a need to ascertain specific objectives of any particular location, division, department or job function. The definition of specific objectives may be combined with a benchmarking exercise to highlight any areas in need of particular attention. This is done via interview and the use of a targeted multiple choice questionnaire with key personnel and a sample of staff across the business. The questionnaire addresses both understanding and commitment to information security and needs to be led by an interviewer as the answers include weighting for confidence/attitude. A suggested sample size would be n% of the user base (x for {Location 1} and x for {Location 2} ). The benchmark interviews will be re-run after the principle portion of the awareness programme is completed to measure movement towards defined targets and to refine methods and messages for the on-going programme. Culture & ology Analysis To enable us to understand the culture of the organisation, existing training methodologies and any resistance to change. We are then able to propose appropriate training methods. The sites are visited to get a feel for the style of the workplace and to see which methods can be used, e.g. are there training rooms with multimedia, can posters be put up, are there any common areas such as a staff restaurant, and so on. Key personnel from each site are interviewed on three basic questions: What training methods are currently used in {Company Name} that work What training methods are currently used in {Company Name} that do not work What other training methods could be successfully used in {Company Name} These activities can be combined with the benchmarking interviews. 6

Programme Structure Design To ensure that the programme content is appropriate for the {Company Name} culture and the physical attributes of the offices. To structure the training programme to make the most efficient use of time and resources. A meeting with {Contact Name} to discuss the results of the benchmarking and cultural analysis to define the course structure and create a matrix of more specific objectives. Materials Production To act as the basis for self-study, traditional training or promotional activities, to reinforce the programme content and act as reference material. Deliverable Dependent on the earlier analysis, the materials may comprise some or all of the following: PowerPoint presentations Scripts Quizzes Videos Handouts Posters Self-study materials (books/cds/disks) Reference books/guides E-mails Mouse mats, mugs, etc. Training Requirements Planning & Time-tabling To ensure that staff receive the most suitable portions of the programme. The method depends on the level of granularity required in the training. It can range from a single method aimed at all staff, to different methods for each job function or department. This will not be known until the programme structure has been defined. It is usual for the client to allocate the staff to the appropriate training and to book them for presentations etc. First Base are able to assist if required. 7

Launch Events These are key to the success of the awareness programme. The launch events are used to achieve fast buy-in to the programme by staff, focusing on the key issues and to set the backdrop for the rest of the programme. s will be tailored to suit the message, culture and physical environment Launch Follow-up Sessions To give the delegates an opportunity to enhance any of the elements of the launch and to reinforce the messages. To provide specific additional messages to key areas such as IT or management. s will be tailored to suit the message, culture and physical environment. Self Study & Reinforcement / Promotional To drive home messages on key security issues, such as password management, visitor control or viruses. s will be tailored to suit the message, culture and physical environment. Key topics are focussed on and may be addressed in a wide variety of ways. The methods frequently follow the simple marketing model. This is because the issue is rarely one of understanding but one of commitment. If a message is reinforced regularly in the same way as adverts are repeated, often in a variety of formats, attitudes and the organisation s culture tend to be gradually altered. Reviews These meetings provide an opportunity to consolidate feedback from delegates, managers and presenters to evaluate the programme on an on-going basis. Corrections and improvements to materials and methods are also discussed and authorised in this forum. 8

Costs All prices include travel and subsistence as appropriate. Items 8-10 of the T&Cs do not appy to the products and services shown in this proposal. Project Management Included... foc Benchmarking, Objectives & Benefits Analysis, And Culture & ology Analysis {Location 1} (x days)...??? {Location 2} (x days)...??? Programme Structure Design {Location 1} (x days)...??? Materials Production Includes: Author to first draft First draft review ({Location 1}) Author to second draft Review second draft (via email) Author to final copy Sign Off ({Location 1}) Materials production total...??? Launch Events {Location 1} (x days, x sessions/day, x delegates/session, xhr sessions)...??? {Location 2} (x days, x sessions/day, x delegates/session, xhr sessions)...??? Self Study & Reinforcement / Promotional Mission Possible Full multimedia Format Set-up Costs (allowance to change x questions and insert logo & background)...??? {Location 1} (x licences purchased separately)...??? {Location 2} (x licences purchased separately)...??? {Location 1} & {Location 2} Combined (x licences)...??? 9

Mission Possible HTML Format Set-up Costs (allowance to change x questions and insert logo & background)...??? {Location 1} (x licences purchased separately)...??? {Location 2} (x licences purchased separately)...??? {Location 1} & {Location 2} Combined (x licences)...??? Discount if purchased with the CBT licences... (???) Booklets Set-up Costs (logo, background & organisation name throughout)...??? {Location 1} (x copies incl.??? allowance for delivery)...??? {Location 2} (x copies incl.??? allowance for delivery)...??? {Location 1} & {Location 2} Combined (x copies incl. delivery allowance)...??? Booklets in PDF Format Set-up Costs (logo, background & organisation name throughout)...??? {Location 1} (x licences)...??? {Location 2} (x licences)...??? {Location 1} & {Location 2} Combined (x licences)...??? Discount if purchased with the A5 booklets... (???) Reinforcement items {Location 1} (allowance of x @??? per person)...??? {Location 2} (allowance of x @??? per person)...??? Reviews Mid launch review ({Location 1} 1day)...??? Comparative benchmarking {Location 1} (x days)...??? Comparative benchmarking {Location 2} (x days)...??? End of launch phase review ({Location 1} 1day)...??? Order Discount If placed on a single order... (???) Total If all options taken for both sites...??? 10

Terms & Conditions 1. These terms and conditions are in addition to our standard terms and conditions of sale and are to the exclusion of all other terms and conditions including any which the client may purport to apply in any manner 2. The prices quoted for services or products are exclusive of VAT which shall be due at the rate ruling on the date of the VAT invoice 3. This quotation supersedes all previous quotations, either written or verbal 4. Prices quoted for services are valid for 30 days from the date shown 5. Prices quoted for products are valid for 7 days from the date shown 6. First Base may by giving notice to the Buyer at any time before delivery increase the price of products to reflect any increase in the cost to First Base which is due to factors occurring after the date of this quotation provided that the client may cancel this contract within three days of any such notice from First Base 7. Fixed maximum price quotations are based upon the terms of reference agreed between the client and First Base. Additional fees will be charged on a per diem basis should any terms of reference be changed by the client either verbally or in writing at any stage in the project 8. Travelling, hotel and living expenses will be passed on at cost. 9. Mileage will be charged at 65p per mile. 10. Travelling time, for journeys of more than two hours, may be charged at 50% of the prevailing consultancy fee, pro rata. 11. Invoices will be raised on a monthly basis and payable within 30 days of invoice date. 12. Training services are due for payment in full 14 days prior to training. 13. Any hardware or software acquired on behalf of the client must be paid for in full with the order. Any increase in price for products as per condition 6 above shall be paid in full within seven days of the invoice date. 14. Orders must be confirmed in writing, with an official order number when used, before any work can commence. 15. Clients cancelling orders for products or consultancy services within 21 days of the first agreed delivery date will be invoiced 75% of the total order value. 16. Clients cancelling orders for training services within 21 days of the first agreed delivery date will be invoiced 100% of the total order value. 17. Postponement or alteration of booked consultancy or training days may be treated as a cancellation by First Base. 18. Course delegate substitutions are permissible, providing that substitutes have sufficient technical knowledge to meet the course pre-requisites. 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information