Why Read This
Traditional security awareness initiatives focus on end user activities that help to create a security culture. Unfortunately, these activities don't succeed in obtaining buy-in or engagement from key executives and other stakeholders within the organization. Security groups continue to struggle with achieving appropriate visibility at senior levels and with securing appropriate funding. To increase their visibility, they must run security as a business, with marketing being job one. This report lays out a four-step process that CISOs should follow to create and manage a marketing and communications plan that addresses all key constituents and includes multiple visibility-increasing activities.