Affordable | Achievable | Relevant

A 2014 PWC ‎survey reported that 84% of data breaches were caused by internal users. Some 99% of those incidents were accidental with the remaining (and fortunately rare) incidents being malicious.


Whilst in today's world we have to accept that there are no guarantees and if an intelligence Service or a 15 year old super hacker want to get in they will, we can do something to mimimise the chance of accidental breach.


With significant penalties for negligence introduced to the Data Protection Act and clients increasingly requiring assurances over the protection of their data, as an absolute minimum user education should be at ‎the top of every firms learning agenda. For a relatively small outlay huge savings both in terms of penalties and perhaps more importantly reputation can be saved.


A good information security awareness program is not just an annual Powerpoint. It should be a well planned year long calendar of varied communications that keep users engaged, interested and up to date with the firm's policies, current cyber attack activity and latest developments.


The key reasons for a good education program are


Reduce risk of data breach

Assist with InfoSec accreditation

Strong message to clients

Cyber Insurance discount

Mitigate potential breach penalties





Objective: To help your staff fully understand the ProSec2 standard and advise others as to how accreditation can be acheived.


The ProSec2 User Awareness Program comprises of the following components FREE of charge as part of the overall package.



User Awareness Survey


We recommend that the 20 question survey is completed by a selection of the user population both prior to and post the User Awareness program as this will act as a key indicator to progress.


User Awareness slide deck


A 24 Slide presentation aimed at users to help deliver key information security messages.


User Awareness Program Execution Plan


An example Project Plan for mapping out all aspects of the User Awareness Program including:


  • Executive Summary

  • Steering Committee

  • Who

  • What

  • How

  • Feedback Evaluations

  • Quarterly Executive Briefings

  • Metrics

  • Key Dates and Milestones


User Awareness example communications


Example emails for the various stages of a communications plan


User Awareness example roadmap


A graphical calendar style roadmap suggesting months and weeks to deliver key InfoSec messages






ProSec2 InfoSec Awareness Program

Want to become an accredited ProSec2 Advisor?


Contact us for details

All PortCullis packages come complete with 10 fully editable Information Security Policy Templates


The single biggest reason for data breach is user error


The best form of defence is education

prosec2advisor training prosec2cert

User Education


* Required


224 logo large