This template can be used to detail the activities to be conducted in a security culture campaign.
Goal: Which goal will this activity help you achieve? (Metrics module)
Title: Give the activity a descriptive name: E-learning for Phishing
Type: What type of activity is this? (e-learning, classroom, poster, etc)
Category: In case you use categories in your taxonomy
Resources required: Which resources (people, equipment, rooms etc) do you need?
Cost: What is the needed budget?
Source/Supplier: Where will you get the activity from? Internal? Supplier? Download? Details are good!
Owner of Activity: Who is the internal owner for this activity? This person is in charge of sourcing, QA, running the activity and evaluating the efforts afterwords.
Why is this a good activity: Explain why / how this activity will help you reach your defined goal. You may not remember 6 or 12 months from now.
Ordered: Depending on your preferences: Tick a box, or add the date of the order.
By whom: Add the name of the person who ordered it.
Activity to start: When does this activity start? Date is good, time of day even better!
Activity to end: When is this activity finished?
Completed: Tick the box, sign, and/or add your name/signature.
Date: As above.
Results: What are the results from running this activity? Unless you have set a metric measuring this particular activity, use metrics from the campaign. The more detailed you are, the better. The purpose here is to add information you can use to analyze and backtrack your steps later on.
Changes for the next run: Write down your thoughts and ideas for changing this particular activity next time you will run it. Any ideas goes. You may also want to explain why you want those changes – you may not remember your thoughts a year from now.
Notes: Anything goes here.
Download the template (PDF): template_activities
* Ron Knode Service Award by the Cloud Security Alliance
* NCI Fellow at the National Cybersecurity Institute in Washington DC
* JCI ITF #132
* Amazon Bestselling Author
Author/editor of the success books:
* Build a Security Culture, IT-Governance 2015
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author), The Roer Group 2012
* The Leaders Workbook, The Roer Group 2010
Latest posts by Kai Roer (see all)
- Notice of Breach - 07/12/2018
- Security Culture Framework Forum moved to LinkedIn Groups - 15/11/2018
- Security Culture Framework recommended by ENISA - 10/02/2018