Security Awareness Standard (ASIS SA-2020) - eBook
Take your reading to the next level with our new eBook experience – where you can access your favorite ASIS publications anytime, anywhere. The easy-to-use features let you view from the browser or an app, add notes, highlight text, and more.
To see how this new platform works, click here.
This Standard provides guidance to help organizations establish, implement, and communicate a security awareness program. The goal of a security awareness program is to promote organizational and individual actions that can be taken to reduce risks and promote a culture of security. An effective program provides a framework for awareness of and compliance with security policies and procedures, controls, and practices to ensure organizations and individuals (e.g., employees and others working on behalf of the organization) act responsibly and make appropriate security-related decisions.
This Standard provides general principles, guidance, and examples to assist organizations in creating and maintaining an effective security awareness posture as part of an enterprise security risk management program. The framework in this Standard is applicable to organizations of all sizes and types, regardless of industry or sector (private/public) that wish to obtain:
- Top management support of awareness program objectives;
- Guidance in understanding the role and importance of security policies and procedures, and promoting enterprisewide compliance with those policies and procedures;
- Recommendations for awareness, training, program content, and delivery methods;
- Guidance to help influence or modify individual or collective attitudes and behaviors; and
- Guidance to help maintain, measure, evaluate, and continuously improve the security awareness program.
This Standard is intended to be incorporated into an organization’s overall enterprise security risk management program to inform and promote its unique security culture.
Take your reading to the next level with our new eBook experience – where you can access your favorite ASIS publications anytime, anywhere. The easy-to-use features let you view from the browser or an app, add notes, highlight text, and more.
To see how this new platform works, click here.
This Standard provides guidance to help organizations establish, implement, and communicate a security awareness program. The goal of a security awareness program is to promote organizational and individual actions that can be taken to reduce risks and promote a culture of security. An effective program provides a framework for awareness of and compliance with security policies and procedures, controls, and practices to ensure organizations and individuals (e.g., employees and others working on behalf of the organization) act responsibly and make appropriate security-related decisions.
This Standard provides general principles, guidance, and examples to assist organizations in creating and maintaining an effective security awareness posture as part of an enterprise security risk management program. The framework in this Standard is applicable to organizations of all sizes and types, regardless of industry or sector (private/public) that wish to obtain:
- Top management support of awareness program objectives;
- Guidance in understanding the role and importance of security policies and procedures, and promoting enterprisewide compliance with those policies and procedures;
- Recommendations for awareness, training, program content, and delivery methods;
- Guidance to help influence or modify individual or collective attitudes and behaviors; and
- Guidance to help maintain, measure, evaluate, and continuously improve the security awareness program.
This Standard is intended to be incorporated into an organization’s overall enterprise security risk management program to inform and promote its unique security culture.
| Author | Professional Standards Board |
|---|---|
| Published Date | 2020 |
| Languages | English |
