Читать книгу Security Awareness For Dummies - Ira Winkler - Страница 53

When you create a security awareness program, you want to create the most risk reduction while using the least resources. To optimize your efforts, make it your goal to influence as many people as possible, but don’t expect to influence everyone. You can potentially influence everyone, but that means dealing with everyone individually, and unless you’re in a very small organization, this approach is impractical and too expensive. From a practical perspective, if you spend more on your awareness program than you save through your efforts, your program will be a hard sell to management.

To discuss risk, you need to have a working definition of risk that you can use to step your organization through the costs and the expected rewards. This should also include the definition of exactly what is at risk. The following sections should help with the process.