Lance Spitzner (SANS) shares a blog from Janet Roberts at Progressive Insurance as part of a new series to get insight from other security awareness professionals.
"When I was challenged with building our security awareness program two years ago, I went out and benchmarked with a number of other companies, wrote a white paper complete with information on how much data we needed to protect, how many attempts were made on our system from the outside, and much more. I elevated the report to our CSO and he took it to other execs. I was asking for a budget. I got interest and an OK to move forward, but I needed to show something more to get what I was requesting. So I decided while I was asking the CSO to evangelize from the top, I'd try to create a groundswell of grassroots interest at the bottom.
I created this quirky little program we call PIE — Personal Protection, Identity Theft, Electronic Data. It's a lunch-and-learn, in-person, workshop program and .....yes!....we serve pie. Each employee gets a slice of pie, a folder filled with tip sheets and screenshots on how to reach our Intranet site, and a chance to talk to a security professional."