The Research Institute in Science of Cyber Security (RISCS), Hewlett Packard Enterprise (HPE) and CESG - now part of the NCSC - have published a white paper encouraging organisations to engage employees in order to improve cyber security.
The white paper 'Awareness is only the first step' outlines a set of steps that will help organisations deliver effective security communciation and training (CET). The paper aims to "set out a framework for security awareness that employees will actually engage with, and empower them to become the strongest link - rather than a vulnerability - in defending the organization.
"The secret is engaging your people in the right way, so they can convert learning into tangible action and new behavior. Security CET needs to be properly resourced and regularly reviewed and updated to achieve lasting behavior change".
The paper also suggests a framework for progressive engagement (shown above) that act as a lifecycle for awareness activities that should be implemented and revisited.
The full white paper can be downloaded in full from the RISCS website.