Security Awareness Blog

Security Awareness Training - Starting With Project Charter

I recently took Jeff Frisk's MGT 525 course on project planning. This is a great class to take if you are going to be working on any large scale or long term project, such as a security awareness program. What I liked best about his course is it brings structure to planning such a program and includes examples of key documents. One of the documents I found most helpful, and I now integrate in any security awareness program is the Project Charter. For those of you already familiar with the structured PM processes you know what a Project Charter is. However if you are not, this is the very first document you work on to get a project officially started. It ensures your project has official approval, gives you access to organizational resources and sets general expectations. Some key things the Project Charter identifies include

  • Who is the Project Manager, who is in charge or responsible of the awareness program?
  • Estimated budget for your awareness program?
  • When do expect to have your plan finalized, when do you expect to kick off the awareness training?
  • What are your program goals and objectives?
  • Why are we doing this, how are you justifying the awareness training?
  • Key milestones
  • Key assumption or constraints

To often security awareness programs have little structure or planning, with messages communicated in a add-hoc and infrequent manner. By starting with a Project Charter, you establish a solid planning foundation. You can download an example of a Project Charter for awareness programs, and other planning documents, with the SANS Securing The Human Security Awareness Planning Kit.