1 / 20

Ten Easy Steps to Creating an Effective Information Security Outreach and Marketing Plan

Multi-State Information Sharing and Analysis Center (MS-ISAC) www.msisac.org. Ten Easy Steps to Creating an Effective Information Security Outreach and Marketing Plan. Multi-State Information Sharing and Analysis Center (MS-ISAC) Ten Easy Steps to Awareness!. Step 1: Unearth Your Baseline

emmanuel-frank
Download Presentation

Ten Easy Steps to Creating an Effective Information Security Outreach and Marketing Plan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi-State Information Sharing and Analysis Center (MS-ISAC) www.msisac.org Ten Easy Steps to Creating an Effective Information Security Outreach and Marketing Plan

  2. Multi-State Information Sharing and Analysis Center (MS-ISAC)Ten Easy Steps to Awareness! Step 1: Unearth Your Baseline Step 2: Set Goals and Objectives Step 3: Target Your Intended Audience Step 4: Reach Out to Your Outreach Channels Step 5: Make Advocates Out of NaySayers Step 6: So You’re Not in Sales Step 7: Sing! Sing! Sing Step 8: Confront Your Challenges Step 9: Measure Your Successes Step 10: Do It All Over Again

  3. Introduction Mission To provide a common mechanism for raising the level of cyber security readiness and response in each state and with local governments. Goal Improve information security awareness at the State and local levels nationwide through an increased number of distribution channels.

  4. Purpose To lay out a repeatable and approachable process for focusing and executing outreach activates aimed at supporting state and local governments’ cyber security programs. Benefits Build Mature, Repeatable Outreach & Marketing Processes Organize for Success Identify Outreach Strengths and Weaknesses Engage Stakeholders Leverage Potential Partnerships

  5. What is Outreach & Marketing? Outreach Two-way communication to: Reach targeted audiences Establish mutual understanding Develop relationships Influence behaviors, attitudes, and actions • Marketing • Research • Who is the audience for a product or service • What are the capabilities of your marketing program • How to let your audience know about information security products and services offered

  6. Strategic Planning While an important part of planning outreach activities may revolve around introducing or “rolling out” specific products and services your organization has or will produce, outreach itself is a strategic endeavor.

  7. Challenges & Barriers Times & Resources Information/cyber security often gets placed on the back burner due to everyday fire drills, administrative demands, and other events that stress an already stressed IT office staff. If you are feeling this way, you should recognize two important characteristics of outreach planning. Focus & Priority Information security and cyber security are serious topics and deserving of proper attention to raise awareness of their importance and expand your influence.

  8. Outreach & Marketing Lifecycle Methodology Make informed decisions based on thorough research, established priorities, and a common vision. Planning Step 1: Assessment Step 2: Goals Step 3: Key Message Step 4: Stakeholders Evaluation 9 Measure 10 Feedback & Re-Assess Development Step 5: Stakeholder Commitment Step 6: Tools & Tactics Execution Step 7: Implement the Plan Step 8: Adjustments Outreach & Marketing Lifecycle

  9. Step 1: Unearth Your Baseline Data Collection Personal Interviews Benchmarking Focus Groups Surveys • Tips • Target your audience or stakeholders. • Identify what’s currently being done in the realm of cyber security. • Determine what information needs to be collected. • Determine process to conduct the data collection. • Test the data collection method with a sample audience. • Determine how to provide a summary of the results. Determine the Current State of Affairs

  10. Step 2: Set Goals and Objectives Set goals and objectives What the organization intends to achieve or to bring about through various activities. How do we get there? Articulate to stakeholders the intention to achieve an envisioned end state. Illustrate what needs to be accomplished and offer insights into how to appropriately direct resources. Define your outreach goals clearly. Acknowledge that the process starts small, requires constant feeding, and takes time to grow. Start Small, Feed It, and Watch It Grow

  11. Step 3: Target Your Intended Audience (But Don’t Shoot Them) Definewho you will be engaging in your outreach activities and what key messages you will deliver. Audiences are the recipients of your messages and products, and are influenced by your outreach actions. A Key Message is defined as an object of communication, or the information itself. Themes and messages tailored to each audience segment to specifically address the unique needs and concerns of each in line with your outreach goals. Communicate key messages within an appropriate context to engage stakeholders and convey the right information at the right time. Clearly convey your goals and objectives as well as your particular audiences’ role in the outreach process. Use Key Messages

  12. Step 4:Reach Out To Your Outreach Channels Identify Stakeholders Individuals or organizations with a legitimate and possible financial interest in a given situation or cause. Establish Contacts Build a list of contacts that can be reused. From many already established resources within your state, such as Internet listings of elected officials, or an existing Information Security Officer list. Identify Stakeholders in Order to Reach Out To Them

  13. Step 5:Make Advocates Out of NaySayers and Non-Believers Opinions of outreach audiences will develop as you successively engage each. Relationship Building Talk Honestly Recognize Phases of Stakeholder Commitment COMMITMENT - Stakeholders adopt new practices and perform new processes actively - Widespread acceptance that implementation of outreach program is beneficial to stakeholders’ success BUY-IN - Stakeholders show signs of approval and demonstrate a willingness to embrace your organization, its mission, and its activities UNDERSTAND - Stakeholders begin to improve their knowledge of the nature of this initiative and how they “fit in” AWARE - Stakeholders are unclear of your mission and how they will be personally affected by your activities UNAWARE - Stakeholders have little or no knowledge of your organization and its mission Overcoming Challenges by Creating Advocates– Stakeholder Commitment and Engagement

  14. Step 6:So, You’re Not In Sales – Hit the Road Anyway Developing outreach tools and tactics to deliver key messages is a critical element in your approach. Tools are devices or mechanisms that help deliver a desired end result in a mission. Tactics are conceptual actions used to advance or achieve a specific objective, which can include creative ways to deliver your message. Outreach and Marketing Tools and Tactics

  15. Step 7:Sing! Sing! Sing! Your Plan Like A Mockingbird All of the preparation you have done will now be put to good use. Once you have your outreach and marketing plan in place, it is time to spread the word. Create a website about information security Conduct research to see what might work best for you and your organization. Ask partners and stakeholders to place a link on their website to your website Implement the Outreach and Marketing Plan

  16. Step 8: Confront Your Challenges Make no bones about it; you will be confronted with challenges Potential Challenges Costs No budget or resources Trouble establishing a good relationship with an important stakeholder Lack of audience or support to deal with specific issues or problems. Culture change – no opening doors Still experiencing incidents andbreaches. Spin Them into Opportunities

  17. Step 9: Measure Your Success As you learn what works well and what doesn’t, measure your successes. Metrics Original Survey Results Achievement of stated goals and objectives Other metrics established Process Improvement Investigate and respond appropriately to metrics Evaluate Your Marketing & Outreach Plan

  18. Step 10: Do It All Over Again, But Better Find ways to address the gaps and make improvements. Determine why some of your strategies are not working; should they be revised or stopped? Check the Feedback Check the feedback Are you collecting feedback from targeted audiences effectively? Which messages are not being heard or understood? Reassess Make adjustments to your plan when necessary Solicit Feedback and Reassess Your Strategy

  19. Conclusion Follow these Ten Easy Steps to Create an Effective Outreach & Marketing Plan for Information Security Goals Assessment Key Messages Stakeholders Measure Create Advocates Planning Evaluation Development Feedback & Re-assess Execution Tools & Tactics Implement Plan Adjustments

  20. Acknowledgements The MS-ISAC would like to thank the State and Local Government Outreach and Marketing Workgroup developing good practices that can be shared with others to improve information security outreach and marketing programs. Workgroup Members include representatives from: Alabama, Alaska, Arkansas, California, Colorado, Florida, Illinois, Iowa, Michigan, Minnesota, Mississippi, Missouri, Nevada, New Jersey, New York, Oregon, Texas, Utah, Virginia, West Virginia, and Wyoming.

More Related