An Overview of International Cyber-Security Awareness Raising and Educational Initiatives (2011)
Campaign Evaluations – G. Information Security Awareness: Local Government and Internet Service Providers
ENISA (The European Network of Information Security Agency) report on ‘Information Security Awareness: Local Government and Internet Service Providers’ (2007) <http://www.enisa.europa.eu/act/ar/deliverables/2007/loc=gov/en>.
Abstract: This report details the information security awareness programmes undertaken by government (national and/or local) with an outreach to Internet service providers (ISPs). These initiatives represent government and ISP efforts to promote and develop a ‘culture of security’ among users within the European Member States.
Methodology: The research was carried out using a survey, which was made available to the European Internet Services Providers Association (EurolISPA), The European Local Authorities’ Telematic Network (Elanet), Eurocities and their members.
Findings: This report offers a series of Cyber-Security initiatives from various European countries along with evaluations of the studies. Because of the limited sample size, the report offers an analysis of the findings and their commonalities without a study of the European trends in this field. The main findings are as follows:
- Information security is seen as a high priority by local government and ISPs;
- The level of knowledge of the target groups is fairly limited or generally low;
- Most of the organisations and public bodies plan, organise and deliver information security awareness initiatives for a period of at least 12 months;
- Within local government organisations, information security awareness-raising activities are often part of a larger ICT campaign;
- Training is considered the most effective technique. Setting out comprehensive computer-based training plans and communication tools can help train employees to ensure programme effectiveness;
- Public-private partnerships can be a highly effective means of delivering campaigns, especially if each organisation can use their respective strengths and mobilise appropriate resources;
- The importance of measuring the effectiveness of information security awareness of programmes is duly recognised.