IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


Press release
10 August 2006

Time for Europe’s business to wake up - ENISA publishing Awareness Raising Guide

ENISA is publishing 'A Users’ Guide: How to Raise Information Security Awareness'. The Guide is featuring step-by-step practical advice for Member States on how to "kick start" planning, organising and running information security awareness raising campaigns targeted at different audiences (e.g. home users and SMEs), including a series of steps and recommendations.

The Executive Director of ENISA, Mr Andrea Pirotti, is commenting on the Guide:

- Security incidents across Europe have a significant economical impact every year. It is time for European business to wake up when it comes to Network and Information Security. Only in the UK, an average large business is suffering from security incidents costing up to 193.000 €/year, but spends only 4-5 % of its IT budget on security. (Source: DTI ISBS 2006)

- I am confident that this Guide will be a powerful tool for the EU and its Member States to prepare and implement awareness raising initiatives. This Guide is an excellent receipt of ENISA collecting and spreading models for raising awareness in security among SME across Europe.

The Guide is emphasising three key recommendations for success:

1. Effective Communication Planning. A communication strategy is at the centre of any awareness programmes, based on communication goals and principles, and aligned with target group needs;

2. A Change Management Approach (i.e. targeted communications, involvement, training and evaluation). Applying a change management approach is crucial for awareness raising initiatives as it helps closing the gap between a particular issue and human responses to the need to change;

3. Measurement of the value of awareness programmes. Campaign evaluation is essential for understanding effectiveness and making adjustments. Four main categories have been identified against which to measure security awareness:

  • Process Improvement
  • Attack Resistance
  • Efficiency and Effectiveness
  • Internal Protections

pdf 'A Users’ Guide: How to Raise Information Security Awareness'

For further information, please contact:

Isabella Santa, Awareness Raising Coordinator, ENISA

Ulf Bergström, Press and Communications Officer, ENISA
email("ulf") b


© Copyright ENISA - 2006